Date: Mon, 30 Aug 2004 14:00:53 GMT From: Gleb Smirnoff <glebius@freebsd.org> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/71147: sshd(8) will allow to log into a locked account Message-ID: <200408301400.i7UE0rtx058015@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/71147; it has been noted by GNATS. From: Gleb Smirnoff <glebius@freebsd.org> To: Yar Tikhiy <yar@comp.chem.msu.su> Cc: FreeBSD-gnats-submit@freebsd.org, des@freebsd.org Subject: Re: bin/71147: sshd(8) will allow to log into a locked account Date: Mon, 30 Aug 2004 17:50:14 +0400 On Mon, Aug 30, 2004 at 04:52:54PM +0400, Yar Tikhiy wrote: Y> In FreeBSD (and other BSDs,) the well-known way to lock out Y> a user's account is setting the user's encrypted password to Y> an asterisk character, `*', in master.passwd. Arguably, one Y> can also lock out a user by just _prefixing_ the password field Y> value with `*'. Anyway, sshd(8) will ignore either lock Y> and allow the user to log in if he authenticates himself by Y> means other than the Unix password, e.g., using his public key. This is not a bug, it's a feature! Any ssh (not only Open) has the same behavior on any unix operating system. I'm utilizing this feature since I use pubkey authentification. -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200408301400.i7UE0rtx058015>