0

Back in the days of Redhat 9 I set up networks using dumb terminals that used telnet to log in to the server. And simply by deleting the 'X' in /etc/passwd for the user, the user could log in with a user name only. This allowed easy operation of the workstations.

Security is not a concern. The Linux server is located at the same premises and is not locked away - so anyone with malicious intent could have full access to the system. However, the users who log in with just their user name get sent, by means of a login script, into the application program and get logged out automatically when they quit the application. The Internet access is only with password protected SSH on a non-standard high port.

In recent years I have been using Ubuntu for the servers and I have not been able to eliminate the requirement for a password. The best I could do was allow a null password, but the user still had to press Enter to submit the null password after entering the user name.

I am now planning to replace the Redhat 9 servers next year to Ubuntu Lucid Lynx and would like to keep the old dumb terminals in operation as before.

Can someone please tell me how the adjust the configuration files in /etc/pam.d so as to emulate the old RH9 telnet behavior while still keeping the Internet access secure?

simplr
  • 520
  • 5
  • 11

2 Answers2

2

You need to enable the nullok option for the pam_unix module in the auth action. If you're feeling really insecure, you can do it globally (in the common-auth file), or else do it for just the service(s) you want to allow it for (probably best to remove the @include common-auth for that service, too).

womble
  • 95,029
  • 29
  • 173
  • 228
  • Thank you very much womble. It does just what I wanted when I changed 'nullok_secure' to just 'nullok' in /etc/pam.d/common-auth. I was not successful in doing it just for telnet, but the SSH configuration prevents empty passwords so it seems secure enough from outside the LAN where the ADSL router blocks everything except the port I use for SSH and port 80. – simplr Nov 15 '09 at 16:24
2

I know security isn't a concern but using SSH with SSH keys can remove the requirement for a password to be entered.

Some creative symlinking of telnet to ssh could carry you across the line?

Just a thought

Antitribu
  • 1,709
  • 3
  • 23
  • 37
  • With security not being a concern, how could one get any benefit from using SSH? SSH, because of the encryption is inherently slower than telnet, and setting up SSH keys is an extra administration task. Besides that, the old dumb terminals have no way of understanding SSH. – simplr Nov 19 '09 at 22:07
  • Off the top of my head 1) There are levels of dumb terminals; some can understand ssh some can't 2) more encrypted traffic flying around the network rarely hurts. 3) what in the nines are you doing on a LAN that the overhead of an SSH session would actually impact them? (thats a serious question I want to know) 4) The overhead of deployment of SSH-Keys isn't usually much of a hassle and the benefits almost always outweigh the drawbacks. 5) SSH brings a lot more to the table than just security; there are controls in it that are not available to telnet and 6) you don't have a hole in your server – Antitribu Nov 20 '09 at 09:55