*lock* considered empty?
Jeff A. Earickson
jaearick at colby.edu
Sat Oct 18 22:15:36 EST 2003
Hi,
This logic seems really fragile. For crypt() based passwords,
I would think that "anything not 13 chars long is locked". Isn't
MD5 also a fixed length too, with the same idea?
--- Jeff Earickson
Colby College
On Sat, 18 Oct 2003, Darren Tucker wrote:
> Date: Sat, 18 Oct 2003 14:02:07 +1000
> From: Darren Tucker <dtucker at zip.com.au>
> To: James Dennis <james at firstaidmusic.com>
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: *lock* considered empty?
>
> James Dennis wrote:
> >
> > Is *lock* considered empty in regard to passwords? I have an account
> > that was locked using *lock* as the password (not my system) and after
> > upgrading to 3.7.1 we found that that account could not log in. After
> > giving that account a password, it could login fine. We were using
> > public key auth so passwords aren't even necessary for that account.
>
> Not exactly. sshd now tests for locked accounts, but what constitutes
> locked varies from platform to platform.
>
> Currently, a literal "*lock*" isn't considered. The following strings
> are:
> 	Literal "*"		Darwin, HP-UX
> 	Literal "*LK*"		IRIX, Solaris
> 	Substring "Nologin"	Tru64
> 	Leading "!!"		Linux
>
> What platform are you using?
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>
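The table in the quoted reply, written out as a per-platform matcher and applied to the "*lock*" marker from the original question. This is an added example, not code from the messages above or from OpenSSH; the enum and function names and the sample password fields are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Platforms and match kinds from the table in the quoted reply. */
enum platform { PLAT_DARWIN, PLAT_HPUX, PLAT_IRIX, PLAT_SOLARIS, PLAT_TRU64, PLAT_LINUX, PLAT_COUNT };
enum match_kind { MATCH_LITERAL, MATCH_SUBSTRING, MATCH_PREFIX };

/* One rule per platform (hypothetical layout, indexed by enum platform). */
static const struct lock_rule {
    enum match_kind kind; const char *marker;
} rules[PLAT_COUNT] = {
    [PLAT_DARWIN]  = { MATCH_LITERAL,   "*" },
    [PLAT_HPUX]    = { MATCH_LITERAL,   "*" },
    [PLAT_IRIX]    = { MATCH_LITERAL,   "*LK*" },
    [PLAT_SOLARIS] = { MATCH_LITERAL,   "*LK*" },
    [PLAT_TRU64]   = { MATCH_SUBSTRING, "Nologin" },
    [PLAT_LINUX]   = { MATCH_PREFIX,    "!!" },
};

/* Return 1 if the password field counts as locked on this platform. */
int is_locked(enum platform plat, const char *field)
{
    if (field == NULL || (unsigned)plat >= PLAT_COUNT)
        return 0;
    const char *m = rules[plat].marker;
    switch (rules[plat].kind) {
    case MATCH_LITERAL:   return strcmp(field, m) == 0;
    case MATCH_SUBSTRING: return strstr(field, m) != NULL;
    case MATCH_PREFIX:    return strncmp(field, m, strlen(m)) == 0;
    }
    return 0;
}

/* Number of platforms in the table that treat this field as locked. */
int count_locking_platforms(const char *field)
{
    int n = 0;
    for (int p = 0; p < PLAT_COUNT; p++)
        n += is_locked((enum platform)p, field);
    return n;
}

int main(void)
{
    /* Constructed sample password fields, not taken from a real system. */
    const char *s[] = { "*lock*", "*", "*LK*", "!!abJnggxhB/yWI" };
    for (size_t i = 0; i < sizeof(s) / sizeof(s[0]); i++)
        printf("%-16s locked on %d platform(s)\n", s[i], count_locking_platforms(s[i]));
    return 0;
}
```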