[SOLVED] Re: OpenSSH public key problem with Solaris 10 and LDAP users?

[Jefferson Ogata]

On 08/16/07 16:51, Douglas E. Engert wrote:
> No, I expect it to be NP not *NP*.

If you don't want a user to have a valid crypt password, you should
always include a character that cannot occur in a crypt password; this
assures that there is no possible string that could hash to the target
value, without relying on any specifics about the crypt algorithm other
than its target charset. The standard character for this is *, although
! is used as well. The traditional old-timer way to make a user with no
password is to use * alone in the password field. Solaris likes *NP* for
this, and also uses *LK*, if I recall correctly, to designate a locked user.

This is sysadmin 101, people.

-- 
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>
"Never try to retrieve anything from a bear."--National Park Service