From: Theo Buehler
Subject: Re: anonymous gotsh user's password entry and security(8)
To: Alexander Arkhipov, gameoftrees@openbsd.org
Date: Wed, 14 Jun 2023 18:31:00 +0200

On Wed, Jun 14, 2023 at 06:24:00PM +0200, Stefan Sperling wrote:
> On Wed, Jun 14, 2023 at 05:39:28PM +0300, Alexander Arkhipov wrote:
> > Sorry if that's been asked before: I've read the gotd(8), gotsh(1) and
> > got.conf(5) man pages, and searched through the list, but can't find the
> > information.
> >
> > I have anonymous gotd set up on an OpenBSD box. The password entry looks
> > like this:
> >
> >     anon::1006:1006::0:0:Anon:/var/empty:/usr/local/bin/gotsh
> >
> > However, I get daily messages to my mail like so:
> >
> > > Running security(8):
> > >
> > > Checking the /etc/master.passwd file:
> > > Login anon has no password.
> >
> > I have also read security(8), and the script /usr/libexec/security
> > itself. It seems that an exception is only ever made for the user
> > anoncvs running anoncvssh.
> >
> >     nag $pwd eq '' && !($name eq 'anoncvs' &&
> >         $shell =~ /\/anoncvssh$/),
> >         "Login $name has no password.";
> >
> > So, is there something special I need to do to get rid of these
> > messages? Do I just make an ad-hoc modification of the script and wait
> > for better times?
>
> For now, either ignore the message or tweak the script. I don't know if
> a patch to security(8) to remove this message for gotsh(1) in a similar
> way would be accepted. Probably not at this stage.

I thought setting the password field to '*************' (13 stars) was
one way of silencing this warning. One of useradd or adduser does this
and the security script has a "length $pwd != 13" exemption for that
reason.
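
The empty-password check quoted in the thread, applied to a few constructed master.passwd(5) lines to show which entries raise the warning. This is an added example, not part of the original messages and not the security(8) script itself; `check_entry` and every sample line except the first are hypothetical, and only the one check quoted above is modelled.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# master.passwd(5)-style lines. The first is the entry from the thread;
# the others are constructed for this example.
my @sample = (
    'anon::1006:1006::0:0:Anon:/var/empty:/usr/local/bin/gotsh',
    'anon:*************:1006:1006::0:0:Anon:/var/empty:/usr/local/bin/gotsh',
    'anoncvs::1007:1007::0:0:Anon CVS:/var/empty:/usr/local/bin/anoncvssh',
    'broken:entry',
);

# Return the warnings one line raises under the quoted check.
sub check_entry {
    my ($line) = @_;

    # Limit -1 keeps trailing empty fields, so a short line is detectable.
    my @f = split /:/, $line, -1;
    return ("Malformed entry: $line") unless @f == 10;

    my ($name, $pwd, $shell) = @f[0, 1, 9];
    my @warn;

    # Same condition as the nag quoted in the thread: an empty password
    # field is reported unless the login is anoncvs running anoncvssh.
    push @warn, "Login $name has no password."
        if $pwd eq '' && !($name eq 'anoncvs' && $shell =~ /\/anoncvssh$/);

    return @warn;
}

for my $line (@sample) {
    my @warn   = check_entry($line);
    my ($name) = split /:/, $line;
    # 13 stars is a non-empty field, so the quoted check stays silent for it.
    printf "%-8s %s\n", $name, @warn ? join('; ', @warn) : 'ok';
}
```

The first entry is reported, the 13-star and anoncvs entries pass, and the short line is flagged as malformed rather than being parsed with shifted fields.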