Date: Mon, 27 Jan 2003 06:35:47 -0500 From: Mike Makonnen <mtm@identd.net> To: "Dan Mahoney, System Admin" <danm@prime.gushi.org> Cc: freebsd-bugs@FreeBSD.org Subject: Re: bin/47541: pw lock still allows access Message-ID: <20030127113548.RGMY16306.out005.verizon.net@kokeb.ambesa.net> In-Reply-To: <20030127060511.J539-100000@prime.gushi.org> References: <200301271038.h0RAcBKq089737@freefall.freebsd.org> <20030127060511.J539-100000@prime.gushi.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--::n:=.:Pp7I12.vS Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Mon, 27 Jan 2003 06:06:12 -0500 (EST) "Dan Mahoney, System Admin" <danm@prime.gushi.org> wrote: > And any potential freeBSD user who needs the manpage may not know that. > At the very least this should be listed in the BUGS section of the > manpage. > This is not a bug. Again, the keyword is "authentication". The purpose of modifying/locking the password field is so that the user can not use the passwd database to authenticate him/herself. This is very different from disallowing a user from loging into a system. To take your specific example, there are 2 ways by which a client loging into the system can ascertain that he is who he claims to be: the passwd database, and ssh authentication keys. By locking the passwd entry for that user you are in effect saying the client can no longer use the passwd database to login to this system. The only way he can be allowed into the system is if he provides a valid ssh key. Cheers. -- Mike Makonnen | GPG-KEY: http://www.identd.net/~mtm/mtm.asc mtm@identd.net | Fingerprint: D228 1A6F C64E 120A A1C9 A3AA DAE1 E2AF DBCC 68B9 --::n:=.:Pp7I12.vS Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+NRmT2uHir9vMaLkRAlsBAJ9JU1eAymZidpEmflTFSUENRFQlSgCg6XQk JCw2h6vBnLNrOuIBrQo11ZY= =5kBu -----END PGP SIGNATURE----- --::n:=.:Pp7I12.vS-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030127113548.RGMY16306.out005.verizon.net>