Openssh still logs in while passwd is locked

Darren Moffat Darren.Moffat at Sun.COM
Tue Jun 4 06:38:28 EST 2002


>What else is special besides "*LK*" (I'm wondering about "NP")?

*LK* is explicitly checked for in pam_unix_account in S9.

NP is used for some of the default accounts - I need to work out why
(I think it is just history) they use NP rather than *LK*.

>How exactly does ``passwd -sa'' determine LK status?  Are there
>issues with/without /etc/shadow (I see pwconv(1M) for example)?

I've just discovered that passwd -sa is a tad broken - I'll log a
bug and get it fixed.

If there is no password it prints NP
else if password filed is non zero but less than 13 print LK
else print PS (meaning there is a password).

--
Darren J Moffat




More information about the openssh-unix-dev mailing list