From 2d345fab89209bef76823d8b2ee6f7f0cc1db84f Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Tue, 8 Dec 2009 15:02:10 -0800
Subject: Force root account to have disabled password

This makes sure there is no working password for user root in ISO.
---
 debian/vyatta-cfg-system.postinst.in | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'debian/vyatta-cfg-system.postinst.in')

diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index 25edb438..0ccf25a2 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -25,6 +25,9 @@ if ! grep -q '^tss' /etc/passwd; then
     adduser --system --group --shell /usr/sbin/nologin --home /var/lib/tpm tss
 fi
 
+# Make sure root account can not be used for login by turning off password
+usermod -p ! root
+
 case `grep '^RULES_FILE=' /lib/udev/write_net_rules` in
 *z25_persistent-net.rules* )
 	vyatta_net_rules=z24_vyatta-net.rules;;
-- 
cgit v1.2.3