On Mon, Dec 8, 2008 at 6:24 AM, Richard Troth <[EMAIL PROTECTED]> wrote:

> "!" is probably carried over from 'pwconv' processing on a mixed
> /etc/passwd file (some entries converted, others not).
> I see it all the time and just ignore it, because "!" in /etc/shadow
> also renders the password unusable.
> ("!" in /etc/passwd is a key that says to look in /etc/shadow.)

The trick is that a "*" replaces the old password, so you have no way
to get that back. The password is prefixed by "!" to lock the user
(since you cannot type a password that encodes like this) but you can
unlock the user later (by removing the "!") and have the old password
back. This is what "passwd -l" and "passwd -u" do. The sole "!" in the
/etc/shadow shows a locked account with no password.

I believe that for serious work with Linux, you should do away with
passwords and use cryptic keys only. For those who think they see a
"revoked" analogy: the "locked" state is done by disabling the
password. It does not prevent the user from logging on with proper PKI
credentials...

-Rob

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
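
The field states described in this message, as an added example that is not part of the original post: a Python sketch that classifies the password field of /etc/shadow lines and shows that locking by prefixing "!" is reversible. The sample entries and hash strings are constructed, and the function names are hypothetical.

```python
# Added example: classify the password field of /etc/shadow lines.
# SAMPLE_SHADOW is constructed; the hash strings are fake placeholders.
SAMPLE_SHADOW = """\
root:$6$saltsalt$FAKEHASHFAKEHASH:14221:0:99999:7:::
alice:!$6$saltsalt$FAKEHASHFAKEHASH:14221:0:99999:7:::
daemon:*:14221:0:99999:7:::
svc:!:14221:0:99999:7:::
guest::14221:0:99999:7:::
"""

def classify(field):
    """Return the state of one shadow password field."""
    if field == "":
        return "empty"               # no password is required at all
    if field == "*":
        return "disabled"            # old password replaced, nothing to restore
    if field == "!":
        return "locked-no-password"  # locked, and no hash behind the "!"
    if field.startswith("!"):
        return "locked"              # hash kept after "!", can be unlocked
    return "active"

def lock(field):
    """Prefix the field with "!" (what the message says passwd -l does)."""
    return field if field.startswith("!") else "!" + field

def unlock(field):
    """Remove the leading "!" (what the message says passwd -u does)."""
    if field == "!":
        # Guard added in this example: stripping a sole "!" would leave an
        # empty field, i.e. an account that needs no password.
        raise ValueError("no password behind the lock")
    return field[1:] if field.startswith("!") else field

def audit(text):
    """Map each user name to the state of its password field."""
    result = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        user, field = line.split(":")[:2]
        result[user] = classify(field)
    return result

if __name__ == "__main__":
    for user, state in audit(SAMPLE_SHADOW).items():
        print(f"{user:8} {state}")
```

These states describe password authentication only; as the message notes, a locked password does not stop a logon with key-based credentials.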