Subject: Re: "daily insecurity output" annoyance
To: Jon Lindgren <email@example.com>
From: Perry E. Metzger <firstname.lastname@example.org>
Date: 01/25/2001 10:31:32
Jon Lindgren <email@example.com> writes:
> > I propose that we distinguish between accounts that are not password
> > loginable and accounts that are off by using different characters for
> > the second field -- something other than * -- and that I then hack the
> > /etc/security script to properly note this distinction and ignore the
> > accounts that are intentionally on but password disabled.
> > Comments?
> Agreed, but we'd also need the capability to see if they've changed.
That's already in the scripts. Have a look. This is orthogonal.
> I'd agree with the idea that in general, a box as configured within
> reason should not produce warnings or anomalous results in the daily
> outputs, especially when it's a stock configuration right out of base.tgz
> and etc.tgz
Yup. You want to be able to have /etc/security come out clean on a
reasonably configured box.
Perry E. Metzger firstname.lastname@example.org
Quality NetBSD CDs, Support & Service. http://www.wasabisystems.com/