Test for locked account in auth.c (bug #442).

Kevin Steves stevesk at pobox.com
Tue Jan 14 13:22:17 EST 2003


On Tue, Jan 14, 2003 at 09:25:25AM +1100, Darren Tucker wrote:
> Some platforms (e.g. HP-UX in non-trusted mode) have a concept of locked
> accounts but don't have password aging or account expiry.

HP-UX actually does support password aging via the old-style aging
field (after a comma in the encrypted password field).

At least up to 11.11.

> It boils down to "does passwd -l lock the account or the password?" From
> the man pages I've checked the ratio is 2 (account) to 1 (password).
> 
> So you can default to allowing locked entries (permissive by default) or
> not allowing them (secure by default[0]).

That is the core issue.