[SOLVED] Re: OpenSSH public key problem with Solaris 10 and LDAP users?
Jefferson Ogata
Jefferson.Ogata at noaa.gov
Fri Aug 17 03:03:11 EST 2007
On 08/16/07 16:51, Douglas E. Engert wrote:
> No, I expect it to be NP not *NP*.
If you don't want a user to have a valid crypt password, you should
always include a character that cannot occur in a crypt password; this
assures that there is no possible string that could hash to the target
value, without relying on any specifics about the crypt algorithm other
than its target charset. The standard character for this is *, although
! is used as well. The traditional old-timer way to make a user with no
password is to use * alone in the password field. Solaris likes *NP* for
this, and also uses *LK*, if I recall correctly, to designate a locked user.
This is sysadmin 101, people.
--
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>
"Never try to retrieve anything from a bear."--National Park Service
More information about the openssh-unix-dev
mailing list