- 论坛徽章:
- 13
|
回复 3# Samdy_Chan
http://www.faqs.org/docs/Linux-HOWTO/User-Authentication-HOWTO.html
Disabling logins for user with null passwords
On most linux systems, there a number of "dummy" user accounts, used to assign privileges to certain system services like ftp, webservers, and mail gateways. Having these accounts allows your system to be more secure, because if these services are compromised, an attacker will only gain the limited privileges available to the dummy account, rather than the full privileges of a service running as root. However, allowing these dummy account login privileges is a security risk, as they usually have blank (null) passwords. The configuration option that enables null passwords is the "nullok" module-argument. You'll want remove this argument from any modules of 'auth' type for services that allow login. This is usually the login service, may also include services like rlogin and ssh. Hence, the following line in /etc/pam.d/login:
auth required pam_unix.so nullok
should be changed to:
auth required pam_unix.so
|
|