Date: Mon, 25 May 1998 14:31:41 +0200 (MET DST) From: Janos Mohacsi <mohacsi@fsz.bme.hu> To: Wes Peters <wes@softweyr.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: SKey and locked account Message-ID: <Pine.SUN.3.96.980525142949.1404D-100000@bagira.fsz.bme.hu> In-Reply-To: <35657CA6.D93AC10D@softweyr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 22 May 1998, Wes Peters wrote: > Date: Fri, 22 May 1998 07:24:54 -0600 > From: Wes Peters <wes@softweyr.com> > To: Philippe Regnauld <regnauld@deepo.prosa.dk> > Cc: Mike Smith <mike@smith.net.au>, freebsd-security@FreeBSD.ORG > Subject: Re: SKey and locked account > > Philippe Regnauld wrote: > > Ok -- just referrring to the man page: > > > > The password field is the encrypted form of the password. If the > > password field is empty, no password will be required to gain access to > > the machine. This is almost invariably a mistake. Because these files > > contain the encrypted user passwords, they should not be readable by any- > > one without appropriate privileges. Administrative accounts have a pass- > > word field containing an asterisk `*' which disallows normal logins. > > > > ... it doesn't mention the fact that they _also_ have an invalid > > shell. > > Yeah, this little bit of UNIX arcana has been batted back and forth > for years. At least FreeBSD *has* a nologin program, see nologin(8). > I don't like it, because it doesn't log the failed access. Here's my Cannot be done a logging with the program with logger(1) ? > replacement, which does: Janos Mohacsi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SUN.3.96.980525142949.1404D-100000>