*lock* considered empty?

Darren Tucker dtucker at zip.com.au
Sat Oct 18 23:13:16 EST 2003

"Jeff A. Earickson" wrote:
>    This logic seems really fragile.  For crypt() based passwords,
> I would think that "anything not 13 chars long is locked".  Isn't
> MD5 also a fixed length too, with the same idea?

No, I don't think we should do that.  I think it was even discussed

We're specifically after accounts locked by the admin with "passwd -l" or
equivalent.  There are other password strings (eg a literal "NP" on
Solaris, which means "No Password authentication") which do not mean the
account is locked.

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list