Matt Seitz (matseitz) wrote: >> From: John R Pierce <pierce at hogranch.com> >> >> * tells it to look in /etc/shadow, where I'd expect you would >> find said >> "x" for no login. > > I'm confused. My current "/etc/passwd" has "x" in the password field for user "root", and I can log in as root. > > The CentOS documentation also says that "x" means "use /etc/shadow": > > http://www.centos.org/docs/4/4.5/System_Administration_Guide/s2-redhat-config-users-process.html > http://www.centos.org/docs/4/html/rhel-isa-en-4/s1-acctsgrps-rhlspec.html A "*" means that the user in question can not login. In this case you DO NOT want to integrate these changes ... as the default passwd file initially put in etc at system install time (by the setup rpm) is adjusted to have an "x" (by anaconda) if you are using a shadow password file (and almost everyone wants to use a shadow password file). That default passwd.rpmnew file also has NO PASSWD for root ... BAD :D If you look in your /etc/shadow file, you will see that all the users who have a "*" in that "default" passwd.rpmnew file have a "*" instead in /etc/shadow, so the that same restriction to login is now enforced in the shadow file (where the system will look if you have shadow passwds enabled). This issue was caused in CentOS-4 (a /etc/passwd.rpmnew file) due to an update to the "setup" rpm in March ... and in this case, you can remove/ignore that file. Thanks, Johnny Hughes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20080628/e994dcaa/attachment-0005.sig>