*lock* considered empty?

Darren Tucker dtucker at zip.com.au
Sat Oct 18 14:02:07 EST 2003

James Dennis wrote:
> Is *lock* considered empty in regard to passwords? I have an account
> that was locked using *lock* as the password (not my system) and after
> upgrading to 3.7.1 we found that that account could not log in. After
> giving that account a password, it could login fine. We were using
> public key auth so passwords aren't even necessary for that account.

Not exactly.  sshd now tests for locked accounts, but what constitutes
locked varies from platform to platform.

Currently, a literal "*lock*" isn't considered.  The following strings
Literal "*"		Darwin, HP-UX
Literal "*LK*"		IRIX, Solaris
Substring "Nologin"	Tru64
Leading "!!"		Linux

What platform are you using?

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list