nullokoption allow users to login without entering a password?
# cat password-auth | grep nullok auth sufficient pam_unix.so nullok password sufficient pam_unix.so sha512 shadow nullok use_authtok
How to disallow console login without password?
User account without a password is able to login from console, as log message recorded in
login: pam_unix(login:auth): user [bob] has blank password; authenticated without it login: pam_unix(login:session): session opened for user bob by LOGIN(uid=0) login: LOGIN ON tty1 BY bob
One of below items is returned by security scanner:
- The system must not have accounts configured with blank or null passwords (V-71937)
- RHEL 8 must not allow blank or null passwords in the system-auth file (V-244540)
- RHEL 8 must not allow blank or null passwords in the password-auth file (V-244541)
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.