From c61e29db49e9e757f593b746723baab36a75ae49 Mon Sep 17 00:00:00 2001
From: James Davidson <james.davidson@vyatta.com>
Date: Fri, 21 Sep 2012 14:11:49 -0700
Subject: Do not check disabled accounts for default password

Fixes bug 8368
---
 scripts/vyatta-first-login-passwd.sh | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'scripts')

diff --git a/scripts/vyatta-first-login-passwd.sh b/scripts/vyatta-first-login-passwd.sh
index d75e5c0c..ab4e8ed4 100755
--- a/scripts/vyatta-first-login-passwd.sh
+++ b/scripts/vyatta-first-login-passwd.sh
@@ -91,14 +91,17 @@ change_password() {
   save
 }
 
+dpwd='"*"'
 for user in $($API listEffectiveNodes system login user); do
   user=${user//\'/}
   epwd=$(show system login user $user authentication encrypted-password)
   epwd=$(awk '{ print $2 }' <<<$epwd)
-  salt=$(awk 'BEGIN{ FS="$" }; { print $3 }' <<<$epwd)
-  vyatta_epwd=$(mkpasswd -H md5 -S $salt vyatta)
-  if [[ $epwd == $vyatta_epwd ]]; then
-     change_password $user
+  if [[ $epwd != $dpwd ]]; then
+    salt=$(awk 'BEGIN{ FS="$" }; { print $3 }' <<<$epwd)
+    vyatta_epwd=$(mkpasswd -H md5 -S $salt vyatta)
+    if [[ $epwd == $vyatta_epwd ]]; then
+       change_password $user
+    fi
   fi
 done
 eval $(exit_configure)
-- 
cgit v1.2.3