Systems without passwords
To log into a system, users must authenticate themselves to it. Two common approaches are providing a username/password pair to the system or using public-key cryptography. Either way, multiple systems should not be configured so that the same set of credentials can be used to log into each of them.
QNX recommends that customers not include default passwords in their QNX-based products, to avoid creating a master image that contains passwords. It is impossible to keep secret a password that is shared across thousands of devices and known by many developers. Some countries are introducing legislation to prevent products from using hard-coded or default passwords.
Possible solutions
Many services (e.g. sshd) authenticate a user using PAM (Pluggable Authentication Modules). By creating a custom PAM module, access can be configured in a number of different ways. Given that providing root-level network access is a serious security concern, any solution likely needs to favor security over convenience. Some features to consider are:
- Having different levels of access.
- If you are not the end user of the device, access should be centrally restricted and logged.
- Limit high-privilege access to a private network.
- Avoid granting access to multiple devices using one set of credentials (i.e., gaining access to one device should not give access to another).
- Make access time limited.
Creating an image using mkshadow
The mkshadow utility is a host-side tool that is used to create entries for QNX OS shadow files. By default, mkshadow creates a shadow file entry with the password disabled. This configuration prevents users from logging into the account using a password.
Example
The following command creates a shadow file entry with a disabled password:
$ mkshadow -u qnxuser
For more information on shadow files, see the documentation for /etc/shadow.
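A release check for the shadow files staged for device images, added here as an example (it is not QNX code): it reports any account that still allows password login and any password hash that appears in more than one entry or image. The function names, file names and hash values are constructed for illustration, and the script assumes colon-separated entries with the password in the second field and a leading `*` or `!` marking a disabled password, so confirm that against the entry your mkshadow version emits.

```sh
#!/bin/sh
# Added example, not QNX code. Assumptions: entries are colon-separated with
# the password in field 2, and a field starting with '*' or '!' is disabled.

# audit_shadow FILE...
# Prints one finding per line; returns 1 if there is any finding, else 0.
audit_shadow() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                 # skip comments, blank lines
        NF < 2   { print FILENAME ": line " FNR ": malformed entry"; bad = 1; next }
        $2 == "" { print FILENAME ": " $1 ": empty password field"; bad = 1; next }
        $2 ~ /^[*!]/ { next }                   # password disabled: OK
        {
            print FILENAME ": " $1 ": password login enabled"; bad = 1
            # The same hash seen twice means one credential opens both.
            if ($2 in seen) {
                print FILENAME ": " $1 ": same password hash as " seen[$2]
            } else {
                seen[$2] = FILENAME ":" $1
            }
        }
        END { exit bad + 0 }
    ' "$@"
}

# write_samples DIR: constructed shadow files for two device images.
write_samples() {
    printf '%s\n' 'root:*:0:0:0' 'qnxuser:CONSTRUCTED-HASH-1:0:0:0' \
        > "$1/deviceA.shadow"
    printf '%s\n' 'root:*:0:0:0' 'qnxuser:CONSTRUCTED-HASH-1:0:0:0' \
        'svc::0:0:0' > "$1/deviceB.shadow"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_shadow "$demo_dir"/deviceA.shadow "$demo_dir"/deviceB.shadow \
    || echo "findings present: do not ship this image"
rm -rf "$demo_dir"
```

An empty password field is reported separately because on conventional Unix systems it permits login with no password at all.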