Subject: Re: misc/14272: useradd and /etc/security interact poorly
To: None <sen@eccosys.com>
From: Greg A. Woods <woods@weird.com>
List: netbsd-bugs
Date: 10/18/2001 14:10:12
[ On Wednesday, October 17, 2001 at 01:55:29 (-0700), sen@eccosys.com wrote: ]
> Subject: misc/14272: useradd and /etc/security interact poorly
>
> Perhaps when password-less users are added, the password field should
> be set to a single asterisk instead of multiple asterisks.

I'd rather see /etc/security use the same kind of logic the actual
password checking algorithm uses to determine if a value in the
pw_passwd field could ever possibly represent any encrypted password
(using whatever current encryption scheme might be configured for the
system).

For example with the traditional Unix passwd algorithm the encrypted
string must be exactly 13 characters long and consist only of characters
from the 63 characters in the set "./0-9A-Za-z".  Nothing else can ever
match any encrypted password and must be considered as a locked account.

The same kind of rules can be written for checking the validity of an
MD5 encrypted password string.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>     <woods@robohack.ca>
Planix, Inc. <woods@planix.com>;   Secrets of the Weird <woods@weird.com>
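
An added example, not part of the original message or of NetBSD's /etc/security: a POSIX sh version of the check described above, classifying a pw_passwd field as a possible traditional crypt string, a possible MD5 string, empty, or locked. The function names and sample entries are constructed for illustration, and the MD5 layout it tests (`$1$`, a salt of 1 to 8 characters from the same set, `$`, then 22 characters) is an assumption.

```shell
# Added example, not NetBSD's /etc/security. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # byte-exact character ranges in patterns

# in_alphabet STR: true if STR is non-empty and uses only ./0-9A-Za-z
in_alphabet() {
    case $1 in ''|*[!./0-9A-Za-z]*) return 1 ;; esac
    return 0
}

# classify_pw FIELD: print empty, des, md5 or locked
classify_pw() {
    pw=$1
    if [ -z "$pw" ]; then echo empty; return 0; fi
    case $pw in
        '$1$'*'$'*)
            # Assumed MD5 layout: $1$<salt, 1-8 chars>$<22 chars>
            rest=${pw#\$1\$}; salt=${rest%%\$*}; hash=${rest#*\$}
            if in_alphabet "$salt" && [ ${#salt} -le 8 ] &&
               in_alphabet "$hash" && [ ${#hash} -eq 22 ]; then
                echo md5; return 0
            fi ;;
        *)
            # Traditional crypt: exactly 13 characters from the set
            if [ ${#pw} -eq 13 ] && in_alphabet "$pw"; then
                echo des; return 0
            fi ;;
    esac
    echo locked   # cannot be the output of either scheme
}

# audit_passwd: read master.passwd-format lines on stdin, print "login class"
audit_passwd() {
    while IFS=: read -r name pw other; do
        case $name in ''|'#'*) continue ;; esac
        echo "$name $(classify_pw "$pw")"
    done
}

# Constructed sample entries; the hash values are made up.
sample_passwd() {
    cat <<'EOF'
alice:abJnggxhB/yWI:1000:1000::0:0:Alice:/home/alice:/bin/sh
bob:$1$saltsalt$qjXMvbEw8oaL.CzflDtaK/:1001:1001::0:0:Bob:/home/bob:/bin/sh
carol:*************:1002:1002::0:0:Carol:/home/carol:/bin/sh
guest::1003:1003::0:0:Guest:/home/guest:/bin/sh
EOF
}
sample_passwd | audit_passwd
```

The `carol` entry is 13 asterisks, so a length-only test would accept it as a password; the character-set test is what marks it locked.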