Subject: Re: "daily insecurity output" annoyance
To: Jon Lindgren <jlindgren@slk.com>
From: Perry E. Metzger <perry@wasabisystems.com>
List: tech-security
Date: 01/25/2001 10:31:32

Jon Lindgren <jlindgren@slk.com> writes:
> > I propose that we distinguish between accounts that are not password
> > loginable and accounts that are off by using different characters for
> > the second field -- something other than * -- and that I then hack the
> > /etc/security script to properly note this distinction and ignore the
> > accounts that are intentionally on but password disabled.
> > 
> > Comments?
> 
> Agreed, but we'd also need the capability to see if they've changed.

That's already in the scripts. Have a look. This is orthogonal.

> I'd agree with the idea that in general, a box as configured within
> reason should not produce warnings or anomalous results in the daily
> outputs, especially when it's a stock configuration right out of base.tgz
> and etc.tgz.

Yup. You want to be able to have /etc/security come out clean on a
reasonably configured box.

--
Perry E. Metzger		perry@wasabisystems.com
--
Quality NetBSD CDs, Support & Service. http://www.wasabisystems.com/
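
The distinction proposed in the quoted text, sketched as an added example that is not part of the original message and is not the real /etc/security script. Assumptions: the marker `*NOPW*`, the function names, the particular check (flagging an off account that keeps a usable shell) and the constructed sample lines are all illustrative; the thread does not say which character would be chosen.

```shell
#!/bin/sh
# Added example; not the real /etc/security script.
# Assumptions: "*" in field 2 means the account is off; the made-up
# marker "*NOPW*" means "intentionally on, but no password login".
NOPW_MARK='*NOPW*'

# audit_passwd [FILE]: read master.passwd-format lines (10 fields) from
# FILE or stdin and print one warning per account that needs attention.
audit_passwd() {
    awk -F: -v nopw="$NOPW_MARK" '
        /^#/ || NF == 0 { next }
        NF != 10 {
            printf "line %d: expected 10 fields, got %d\n", NR, NF
            next
        }
        {
            name = $1; pw = $2; shell = $10
            # An empty shell field defaults to /bin/sh, so it counts as usable.
            usable = (shell !~ /\/(nologin|false)$/)
            if (pw == "")
                printf "%s: no password\n", name
            else if (pw == nopw)
                next    # on, password disabled on purpose: stay quiet
            else if (pw == "*" && usable)
                printf "%s: off but has shell %s\n", name,
                       (shell == "" ? "/bin/sh" : shell)
        }' "$@"
}

# Constructed sample input (not taken from any real system).
sample_passwd() {
    cat <<'EOF'
root:$2a$04$constructedhashconstructedhash:0:0::0:0:Charlie &:/root:/bin/sh
daemon:*:1:1::0:0:The devil himself:/:/sbin/nologin
uucp:*NOPW*:66:1::0:0:UNIX-to-UNIX Copy:/var/spool/uucppublic:/usr/libexec/uucp/uucico
olduser:*:1001:100::0:0:Departed user:/home/olduser:/bin/ksh
guest::1002:100::0:0:Guest:/home/guest:/bin/sh
EOF
}

sample_passwd | audit_passwd
```

With the separate marker, the uucp-style entry produces no output, while the off account that still has a shell and the empty-password account are reported.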