I think Sir Rob is correct.
Sorry for propagating bad info.
I mixed up "*" and "!" and "x".
A solitary "x" in the password field in /etc/passwd is the key to
look in /etc/shadow.
-- Rick; <><
On Mon, Dec 8, 2008 at 12:41 AM, Rob van der Heij <[EMAIL PROTECTED]> wrote:
> On Mon, Dec 8, 2008 at 6:24 AM, Richard Troth <[EMAIL PROTECTED]> wrote:
>
>> "!" is probably carried over from 'pwconv' processing on a mixed
>> /etc/passwd file (some entries converted, others not).
>> I see it all the time and just ignore it, because "!" in /etc/shadow
>> also renders the password unusable.
>> ("!" in /etc/passwd is a key that says to look in /etc/shadow.)
>
> The trick is that a "*" replaces the old password, so you have no way
> to get that back. The password is prefixed by "!" to lock the user
> (since you can not type a password that encodes like this) but you can
> unlock the user later (by removing the "!") and have the old password
> back. This is what "passwd -l" and "passwd -u" do. The sole "!" in the
> /etc/shadow shows a locked account with no password.
>
> I believe that for serious work with Linux, you should do away with
> passwords and use cryptic keys only. For those who think they see a
> "revoked" analogy: the "locked" state is done by disabling the
> password. It does not prevent the user to logon with proper PKI
> credentials...
>
> -Rob
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
>
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
