Subject: "daily insecurity output" annoyance
To: None <tech-userlevel@netbsd.org, tech-security@netbsd.org>
From: Perry E. Metzger <perry@piermont.com>
List: tech-userlevel
Date: 01/25/2001 09:56:58

Every day I get reports telling me crud like:

	Login toor is off but still has a valid shell (/bin/sh)
	Login backup is off but still has a valid shell (/bin/sh)

etc.

I want these accounts around -- I just want the password-based login
capability disabled.

Right now, as it stands, /etc/security prints that message out no
matter what if field two of the password file is not thirteen or
twenty characters long. (What is twenty characters for?)

I propose that we distinguish between accounts that are not password
loginable and accounts that are off by using different characters for
the second field -- something other than * -- and that I then hack the
/etc/security script to properly note this distinction and ignore the
accounts that are intentionally on but password disabled.

Comments?

Perry
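
The check and the proposed distinction described in the message above, sketched as an added example; this is not part of the original message and not the NetBSD /etc/security script. The marker value `!`, the shell list, and the sample password-file lines are assumptions constructed for illustration; only the 13/20-character rule and the message text come from the message.

```shell
#!/bin/sh
# Added illustration only, not the real /etc/security.
# NOPW_MARK is a HYPOTHETICAL field-two value meaning "account is on, but
# password login is disabled"; the message proposes no specific character.
NOPW_MARK='!'
# Constructed stand-in for the contents of /etc/shells.
VALID_SHELLS='/bin/sh /bin/csh /bin/ksh'

# Read master.passwd-format lines on stdin and print the "off but still has
# a valid shell" warning, skipping accounts that carry the marker.
check_off_logins() {
    awk -F: -v mark="$NOPW_MARK" -v shells="$VALID_SHELLS" '
    BEGIN { n = split(shells, s, " "); for (i = 1; i <= n; i++) ok[s[i]] = 1 }
    /^#/ || NF < 2 { next }
    {
        len = length($2)
        # Rule as described in the message: a 13- or 20-character
        # field two is treated as a usable password, so no warning.
        if (len == 13 || len == 20) next
        # Proposed rule: marked accounts are intentionally on, just
        # not password-loginable, so they are not reported.
        if (mark != "" && $2 == mark) next
        # Everything else is "off"; warn if the shell is still usable.
        if ($NF in ok)
            printf "Login %s is off but still has a valid shell (%s)\n", $1, $NF
    }'
}

# Constructed sample input in master.passwd layout (not real hashes).
sample_passwd() {
    cat <<'EOF'
root:abcdefghijklm:0:0::0:0:Charlie &:/root:/bin/csh
toor:!:0:0::0:0:Bourne-again Superuser:/root:/bin/sh
backup:*:32:32::0:0:Backup account:/var/backup:/bin/sh
daemon:*:1:1::0:0:The devil himself:/:/sbin/nologin
EOF
}

# With the marker honoured, only "backup" is reported; "toor" is ignored.
sample_passwd | check_off_logins
```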