Bug #579

root account locking after installation

Added by Peter Ludikovsky over 3 years ago. Updated over 3 years ago.

Status:Closed Start date:2010-12-28
Priority:Normal Due date:
Assignee:- % Done:

0%

Category:Security
Target version:oi_148
Difficulty:Medium Tags:needs-triage

Description

By default the password for the root user is expired instead of a locked account or similar. A regular 'su -' will show a password changing prompt, allowing anyone to set a root password without previous authentication (eg. if a machine is left unattended and unlocked).

Instead the account should be locked or, if not possible due to scripts requiring this state, have a random password (like in Ubuntu), requiring user authentication prior to changing the password.


Related issues

duplicates OpenIndiana Distribution - Bug #636: Fix graphical installer to prevent root password expiring Closed 2011-01-16

History

Updated by Olivier Pinard over 3 years ago

http://www.illumos.org/issues/619

It can help you. Just have to test or have luck.

Updated by Matt Wilby over 3 years ago

  • Status changed from New to Closed

Duplicate. New bug #636 created to cover all instances (#204, #579, #619) .

Also available in: Atom PDF