Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 27 Jan 2003 06:35:47 -0500
From:      Mike Makonnen <mtm@identd.net>
To:        "Dan Mahoney, System Admin" <danm@prime.gushi.org>
Cc:        freebsd-bugs@FreeBSD.org
Subject:   Re: bin/47541: pw lock still allows access
Message-ID:  <20030127113548.RGMY16306.out005.verizon.net@kokeb.ambesa.net>
In-Reply-To: <20030127060511.J539-100000@prime.gushi.org>
References:  <200301271038.h0RAcBKq089737@freefall.freebsd.org> <20030127060511.J539-100000@prime.gushi.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
--::n:=.:Pp7I12.vS
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Mon, 27 Jan 2003 06:06:12 -0500 (EST)
"Dan Mahoney, System Admin" <danm@prime.gushi.org> wrote:

> And any potential freeBSD user who needs the manpage may not know that.
> At the very least this should be listed in the BUGS section of the
> manpage.
> 

This is not a bug.

Again, the keyword is "authentication". The purpose of modifying/locking the
password field is so that the user can not use the passwd
database to authenticate him/herself.  This is very different from disallowing a
user from loging into a system. To take your specific example, there are 2 ways
by which a client loging into the system can ascertain that he is who he claims
to be: the passwd database, and ssh authentication keys.  By locking the passwd
entry for that user you are in effect saying the client can no longer use the
passwd database to login to this system. The only way he can be allowed into the
system is if he provides a valid ssh key.

Cheers.
-- 
Mike Makonnen  | GPG-KEY: http://www.identd.net/~mtm/mtm.asc
mtm@identd.net | Fingerprint: D228 1A6F C64E 120A A1C9  A3AA DAE1 E2AF DBCC 68B9

--::n:=.:Pp7I12.vS
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+NRmT2uHir9vMaLkRAlsBAJ9JU1eAymZidpEmflTFSUENRFQlSgCg6XQk
JCw2h6vBnLNrOuIBrQo11ZY=
=5kBu
-----END PGP SIGNATURE-----

--::n:=.:Pp7I12.vS--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030127113548.RGMY16306.out005.verizon.net>