*lock* considered empty?

Jeff A. Earickson jaearick at colby.edu
Sat Oct 18 22:15:36 EST 2003


Hi,
   This logic seems really fragile.  For crypt() based passwords,
I would think that "anything not 13 chars long is locked".  Isn't
MD5 also a fixed length too, with the same idea?

--- Jeff Earickson
    Colby College

On Sat, 18 Oct 2003, Darren Tucker wrote:

> Date: Sat, 18 Oct 2003 14:02:07 +1000
> From: Darren Tucker <dtucker at zip.com.au>
> To: James Dennis <james at firstaidmusic.com>
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: *lock* considered empty?
>
> James Dennis wrote:
> >
> > Is *lock* considered empty in regard to passwords? I have an account
> > that was locked using *lock* as the password (not my system) and after
> > upgrading to 3.7.1 we found that that account could not log in. After
> > giving that account a password, it could login fine. We were using
> > public key auth so passwords aren't even necessary for that account.
>
> Not exactly.  sshd now tests for locked accounts, but what constitutes
> locked varies from platform to platform.
>
> Currently, a literal "*lock*" isn't considered.  The following strings
> are:
> Literal "*"		Darwin, HP-UX
> Literal "*LK*"		IRIX, Solaris
> Substring "Nologin"	Tru64
> Leading "!!"		Linux
>
> What platform are you using?
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>




More information about the openssh-unix-dev mailing list