From nobody@FreeBSD.org  Fri Jan  4 02:15:05 2002
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 29BB437B416
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  4 Jan 2002 02:15:05 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g04AF5J96524;
	Fri, 4 Jan 2002 02:15:05 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200201041015.g04AF5J96524@freefall.freebsd.org>
Date: Fri, 4 Jan 2002 02:15:05 -0800 (PST)
From: Matthias <cropone@gmx.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: root access without password
X-Send-Pr-Version: www-1.0

>Number:         33525
>Category:       i386
>Synopsis:       root access without password
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 04 02:20:01 PST 2002
>Closed-Date:    Wed Jun 19 12:45:19 PDT 2002
>Last-Modified:  Wed Jun 19 12:45:19 PDT 2002
>Originator:     Matthias
>Release:        4.4
>Organization:
>Environment:
FreeBSD  4.4-RELEASE FreeBSD  4.4-RELEASE #0: Tue Sep 11:57:08 PDT 2001 murray@builder.FreeBSD.org:/usr/src/sys/compile/GENERIC  i386      
>Description:
hi mates,

yesterday i installed my version of freebsd, and i added an additional user account. i think i typed a wrong password ( not that what i wanted). this morning i wanted to login as the user and typed username and password --> login incorrect. now i wanted to login as root to fix the problem.
but when i typed the username and pressed enter i got a bash shell without requesting a password. thats really unsecure i think :)
now ill reboot my machine to see if i can login normaly as root at first! 
same problem. but when i press strg-c after typing the username i got an output --> Jan 4 10:07:19  login: pam_authenticate: Conversation error


so .. thats all, now ill reinstall FreeBSD cause thats the first time i have this prob with that release!
i think the problem was the wrong password while adding an addintional user ... dunno why :)


hope i could help u with that prob.

regards,
matthias
 
>How-To-Repeat:
      
>Fix:
      
>Release-Note:
>Audit-Trail:

From: "Alexey V. Neyman" <alex.neyman@auriga.ru>
To: Matthias <cropone@gmx.de>, bug-followup@FreeBSD.org
Cc:  
Subject: Re: i386/33525: root access without password
Date: Fri, 4 Jan 2002 14:28:18 +0300

 `root' account is passwordless right after the installation. So, unless 
 you changed its password (either through a dialog in installation 
 utility, sysinstall, or directly with `passwd' command), this is 
 expected behaviour.
 
 Regards,
 Alexey.
 
 -- 
 <------------------------->
  ) May the Sun and Water (   Regards, Alexey V. Neyman
  ) always fall upon you! (   mailto:alex.neyman@auriga.ru
 <------------------------->

From: Mahesh Pandya <hiten@uk.FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org, cropone@gmx.de
Cc: bug-followup@freebsd.org
Subject: Re: i386/33525: root access without password
Date: Fri, 04 Jan 2002 11:27:50 +0000

 The 'login:' prompt will not ask for a password, because when you
 installed FreeBSD 4.4/4.3, you have to visit the 'Configure' section
 of the SysInstall utility and select the 'Root Password' menu selection,
 and you  have to assign a root password through that menu.
 
 This step is also documented in the 'FreeBSD Handbook', but it seems
 that you
 tried to / or missed the section by mistake or whatever...
 
 This PR can be closed if no further similar problems occur on the PR
 Database.
 
  - Hiten
  - <hiten@uk.FreeBSD.org.uk>
 
 -- 
 SSH Fingerprint:
 1024 45:a5:9c:f2:fb:07:da:70:18:02:0b:f3:63:f1:7a:a6 hitenp@hpdi.ath.cx

From: Mahesh Pandya <hiten@uk.FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org, cropone@gmx.de
Cc: bug-followup@freebsd.org
Subject: Re: i386/33525: root access without password
Date: Fri, 04 Jan 2002 11:27:50 +0000

 The 'login:' prompt will not ask for a password, because when you
 installed FreeBSD 4.4/4.3, you have to visit the 'Configure' section
 of the SysInstall utility and select the 'Root Password' menu selection,
 and you  have to assign a root password through that menu.
 
 This step is also documented in the 'FreeBSD Handbook', but it seems
 that you
 tried to / or missed the section by mistake or whatever...
 
 This PR can be closed if no further similar problems occur on the PR
 Database.
 
  - Hiten
  - <hiten@uk.FreeBSD.org.uk>
 
 -- 
 SSH Fingerprint:
 1024 45:a5:9c:f2:fb:07:da:70:18:02:0b:f3:63:f1:7a:a6 hitenp@hpdi.ath.cx

From: CROPONE@gmx.de
To: freebsd-gnats-submit@FreeBSD.org, cropone@gmx.de
Cc:  
Subject: Re: i386/33525: root access without password
Date: Fri, 4 Jan 2002 13:59:07 +0100 (MET)

 hi all,
 
 i know what want to tell me, but i setted up a root password. it was the
 last point in my installation.
 
 so, what can we do ?
 
 
 regards,
 Matthias
 
 -- 
 GMX - Die Kommunikationsplattform im Internet.
 http://www.gmx.net
 

From: "Crist J. Clark" <cristjc@earthlink.net>
To: CROPONE@gmx.de
Cc: bug-followup@freebsd.org
Subject: Re: i386/33525: root access without password
Date: Fri, 4 Jan 2002 14:57:47 -0800

 On Fri, Jan 04, 2002 at 05:00:02AM -0800, CROPONE@gmx.de wrote:
 > 
 >  hi all,
 >  
 >  i know what want to tell me, but i setted up a root password. it was the
 >  last point in my installation.
 >  
 >  so, what can we do ?
 
 Can you reproduce the problem and tell us the exact way to do so?
 -- 
 "It's always funny until someone gets hurt. Then it's hilarious."
 
 Crist J. Clark                     |     cjclark@alum.mit.edu
                                    |     cjclark@jhu.edu
 http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

From: CROPONE@gmx.de
To: freebsd-gnats-submit@FreeBSD.org, cropone@gmx.de
Cc:  
Subject: Re: i386/33525: root access without password
Date: Sun, 6 Jan 2002 11:57:30 +0100 (MET)

 hi all,
 
 so ill try to give u a follow up of my installation. sorry but i cant
 reinstall FreeBSd on the machine again with the same faults cause a gameserver runs
 on it.
 
 i did a standart installation with the "graphical" followup.
 at the end of the followup i was offered to a a additional user account.
 i did it. but i think ive mistyped the password.
 after this u have to choose a root password.
 i did it. then i halted the machine.
 next morning i startet the pc and .... ( written@top of thread )
 
 
 so, u can see i did a normal installation without any kernelmods. if i have
 to possibility to reproduce the problem on another box ill do this and post
 it here.
 
 
 regards,
 matthias
 
 -- 
 GMX - Die Kommunikationsplattform im Internet.
 http://www.gmx.net
 
State-Changed-From-To: open->feedback 
State-Changed-By: sheldonh 
State-Changed-When: Wed Jan 16 06:45:29 PST 2002 
State-Changed-Why:  
Waiting for the originator to reproduce the problem or confirm 
that we can close the PR> 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=33525 

From: Sheldon Hearn <sheldonh@starjuice.net>
To: "Crist J. Clark" <cristjc@earthlink.net>
Cc: bug-followup@freebsd.org
Subject: Re: i386/33525: root access without password 
Date: Wed, 16 Jan 2002 16:47:49 +0200

 On Sat, 05 Jan 2002 10:00:02 PST, "Crist J. Clark" wrote:
 
 >  >  i know what want to tell me, but i setted up a root password. it was the
 >  >  last point in my installation.
 >  >  
 >  >  so, what can we do ?
 >  
 >  Can you reproduce the problem and tell us the exact way to do so?
 
 I'm guessing the root password was set to the empty string, wasn't set,
 or was set but not written to disk by the time sysinstall terminated
 (either because of a segfault, a premature powerdown, a system lockup or
 whatever).
 
 Unless the originator can show us how to reproduce the behaviour
 reported, I think we can close this PR, because it certainly doesn't
 agree with the experiences of many of us.  Matthias?
 
 Ciao,
 Sheldon.
State-Changed-From-To: feedback->closed 
State-Changed-By: ceri 
State-Changed-When: Wed Jun 19 12:44:55 PDT 2002 
State-Changed-Why:  
Feedback timeout. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=33525 
>Unformatted:
