Subject: "daily insecurity output" annoyance
To: None <,>
From: Perry E. Metzger <>
List: tech-userlevel
Date: 01/25/2001 09:56:58
Every day I get reports telling me crud like:

	Login toor is off but still has a valid shell (/bin/sh)
	Login backup is off but still has a valid shell (/bin/sh)


I want these accounts around -- I just want the password based login
capability disabled.

Right now, as it stands, /etc/security prints that message out no
matter what if field two of the password file is not thirteen or
twenty characters long. (What is twenty characters for?)

I propose that we distinguish between accounts that are not password
loginable and accounts that are off by using different characters for
the second field -- something other than * -- and that I then hack the
/etc/security script to properly note this distinction and ignore the
accounts that are intentionally on but password disabled.