On Tue, 16 Mar 1999, Jonathan Stone wrote:

> Reverting root's login shell to /bin/csh triggered requests to add
> back toor.  I'd intended to leave that as-is till we fixed the security
> scripts to not warn about toor.

I think we should get toor back now, and just fix the security scripts
before 1.4.

> The obvious technical question is whether to filter out just
>     ^toor:*:
> or try and filter out all login accounts with disabled passwd fields.
> 
> Comments?  Do we Really Need a /bin/sh superuser login until this gets
> resolved, even with the warnings from /etc/security?

I think so. We used to have a solution everyone was content with. As
shell preference is intensly personal, I think we should return to the
solution everyone was content with. Arguments about which shell is better
aren't going to be solved on technical grounds. :-)

I'd say for now we just make the egrep -v '^toor:' change to the
/etc/security script. We have toor special cased in it already. :-)

Take care,

Bill