Now that we know that the password is in /etc/shadow and not in
/etc/passwd, we can properly fix the logic for the empty password check.
Only 'root::' is an empty password, 'root:x:' and 'root:!:' allow no
password login at all.
This fixes the empty password warning still showing after the root password
has been locked using 'passwd -l root' (e.g. to allow public-key auth
only).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
unset FILE
}
-if ( grep -qsE '^root:[!x]?:' /etc/shadow && \
- grep -qsE '^root:[!x]?:' /etc/passwd && \
+if ( grep -qs '^root::' /etc/shadow && \
[ -z "$FAILSAFE" ] )
then
cat << EOF