We need a general way to say "account is valid but password field is
not", as in, for instance, ssh only accounts.

How about another character besides "*" for that? Perhaps a "#"?

Perry

Bill Studenmund <skippy@macro.Stanford.EDU> writes:

> On Tue, 16 Mar 1999, Jonathan Stone wrote:
> 
> > Reverting root's login shell to /bin/csh triggered requests to add
> > back toor.  I'd intended to leave that as-is till we fixed the security
> > scripts to not warn about toor.
> 
> I think we should get toor back now, and just fix the security scripts
> before 1.4.
> 
> > The obvious technical question is whether to filter out just
> >     ^toor:*:
> > or try and filter out all login accounts with disabled passwd fields.
> > 
> > Comments?  Do we Really Need a /bin/sh superuser login until this gets
> > resolved, even with the warnings from /etc/security?
> 
> I think so. We used to have a solution everyone was content with. As
> shell preference is intensly personal, I think we should return to the
> solution everyone was content with. Arguments about which shell is better
> aren't going to be solved on technical grounds. :-)
> 
> I'd say for now we just make the egrep -v '^toor:' change to the
> /etc/security script. We have toor special cased in it already. :-)
> 
> Take care,
> 
> Bill