| Summary: | locked /etc/shadow password prefix on linux | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Roumen Petrov <bugtrack> | ||||
| Component: | sshd | Assignee: | OpenSSH Bugzilla mailing list <openssh-bugs> | ||||
| Status: | CLOSED FIXED | ||||||
| Severity: | enhancement | ||||||
| Priority: | P2 | ||||||
| Version: | 3.8p1 | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Bug Depends on: | |||||||
| Bug Blocks: | 821 | ||||||
| Attachments: |
|
||||||
|
Description
Roumen Petrov
2004-03-08 23:31:16 AEDT
What does the "lock account" command (ie passwd -l or equivalent) do? passwd -l/-u : add/remove symbol '!' before password string passwd -S : report locked password when first symbol is '!' or '*' tested on some slackware and suse versions about '*' prefix. let account password contain '*' - passwd -S report locked after passwd -l : password is '!*' - passwd -S report locked after passwd -u : password is '*' - passwd -S report locked again after passwd -u : no changes in account state I dont have information for other distro. I think we should just change LOCKED_PASSWD_PREFIX to "!" for all Linuxes, which will also work for Redhat. Debian, Slackware and SuSE all use the upstream "shadow" package (ftp://ftp.pld.org.pl/software/shadow) which does this to lock accounts: strcpy (newpw, "!"); strcat (newpw, cp); Created attachment 577 [details]
Use single "!" for LOCKED_PASSWD_PREFIX on Linuxes
OK for 3.8.1p1?
Comment on attachment 577 [details]
Use single "!" for LOCKED_PASSWD_PREFIX on Linuxes
Fine by me
Patch applied, thanks for the report. I agree with single '!' in prefix. Prefix '*' is only for always locked (usualy "system") accounts and might we can skip that case. Mass move of bugs RESOLVED->CLOSED following the release of openssh-5.5p1 |