Subject: Re: "daily insecurity output" annoyance
To: Jon Lindgren <>
From: Perry E. Metzger <>
List: tech-userlevel
Date: 01/25/2001 10:31:32
Jon Lindgren <> writes:
> > I propose that we distinguish between accounts that are not password
> > loginable and accounts that are off by using different characters for
> > the second field -- something other than * -- and that I then hack the
> > /etc/security script to properly note this distinction and ignore the
> > accounts that are intentionally on but password disabled.
> > 
> > Comments?
> Agreed, but we'd also need the capability to see if they've changed.

That's already in the scripts. Have a look. This is orthogonal.

> I'd agree with the idea that in general, a box as configured within
> reason should not produce warnings or anomalous results in the daily
> outputs, especially when it's a stock configuration right out of base.tgz
> and etc.tgz

Yup. You want to be able to have /etc/security come out clean on a
reasonably configured box.

Perry E. Metzger
Quality NetBSD CDs, Support & Service.