>Number:         457
>Category:       bin
>Synopsis:       Single '*' as passwd is not locking account.
>Confidential:   yes
>Severity:       serious
>Priority:       high
>Responsible:    gnats-admin (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Sep  4 16:05:05 1994
>Originator:     Peppermint Lucy
>Organization:
>Release:        current 1 week old
>Environment:
all recently compiled
System: NetBSD wipux2.wifo.uni-mannheim.de 1.0_BETA NetBSD 1.0_BETA (WIPUX) #0: Wed Aug 31 16:00:19 MET DST 1994 toor@wipux2.wifo.uni-mannheim.de:/src/src/sys/arch/i386/compile/WIPUX i386


>Description:
	First I'm not sure if there is just a fault in my passwd
	I'd be pleased if you could tell me that it was not or is
	reproducable at your place.
	I use a '*' to lock accounts like 'daemon','bin' and I had
	also locked 'guest' like this. Somebody just pressed 'return'
	when asked for Password and was let in. It seems to work on
	all accounts that are locked with a single letter. '!','p'.
	Most of the accounts are not in /etc/skeyskeys but it works
	for those too.
	If I change the passwd to '!!' then the account is properly
	locked, which is how I am currently surrounding it.
	For all changes I use 'vipw'.
	I don't know how long the problem has existed, or whether
	it is only my master.passwd. I can produce my master.passwd
	if you would like to try but it's large (>400 accounts).
>How-To-Repeat:
	create guest account with passwd '*' with vipw. and login
	as guest pressing Return when asked for passwd.
>Fix:
	unknown
>Audit-Trail:
>Unformatted:


------------------------------------------------------------------------------