login & su: Treat an empty passwd field as invalid (#315)

* login & su: Treat an empty passwd field as invalid Otherwise it's treated like the “require no password” clause while it probably should be treated like a normal su that can't validate anyway. A similar change should be done for USE_PAM. * su & login: Introduce PREVENT_NO_AUTH
2021-03-29 05:16:03 +02:00
parent 697901a328
commit b865e14f25
4 changed files with 38 additions and 0 deletions
--- a/etc/login.defs
+++ b/etc/login.defs
@ -458,3 +458,12 @@ USERGROUPS_ENAB yes
 # primary group.
 #
 #GRANT_AUX_GROUP_SUBIDS yes
+
+#
+# Prevents an empty password field to be interpreted as "no authentication
+# required".
+# Set to "yes" to prevent for all accounts
+# Set to "superuser" to prevent for UID 0 / root (default)
+# Set to "no" to not prevent for any account (dangerous, historical default)
+
+PREVENT_NO_AUTH superuser