On Thu, 27 Mar 2025 10:55:13 +1100, Jon Higgs <[email protected]> wrote:
> Is there any way to control this? Or am I holding something wrong, and
> these warnings are an artifact of that.

passwd(5) says

    The password field is the encrypted form of the password. If the
    password field is empty, no password will be required to gain
    access to the machine. This is almost invariably a mistake. By
    convention, accounts that are not intended to be logged in to
    (e.g. bin, daemon, sshd) only contain a single asterisk in the
    password field. Note that there is nothing special about ‘*’, it
    is just one of many characters that cannot occur in a valid
    encrypted password (see crypt(3)). Similarly, login accounts not
    allowing password authentication but allowing other authentication
    methods, for example public key authentication, conventionally
    have 13 asterisks in the password field. Because master.passwd
    contains the encrypted user passwords, it should not be readable
    by anyone without appropriate privileges.

So just use 13 asterisks?

Cheers,
Daniel
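
The conventions in the passwd(5) excerpt above, written as an audit check. This is an added example, not part of the original message or of any project's code. It assumes the password is the second colon-separated field of each master.passwd-format line; the function names, class labels and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Classify one password field by the passwd(5) conventions quoted above.
classify_pw() {
    case "$1" in
        '')     echo empty; return ;;            # no password required
        *[!*]*)                                  # has a non-asterisk character
            case "$1" in
                *'*'*) echo not-a-hash ;;        # '*' cannot occur in a valid hash
                *)     echo hash ;;              # assumed to be a crypt(3) string
            esac
            return ;;
    esac
    case ${#1} in                                # field is asterisks only
        1)  echo no-login ;;                     # account not meant for login
        13) echo no-password-auth ;;             # other methods (e.g. public key)
        *)  echo not-a-hash ;;                   # unusable, but not a convention
    esac
}

# Read master.passwd-format lines on stdin, print "name<TAB>class" per account.
audit_master_passwd() {
    while IFS=: read -r name pw rest; do
        case "$name" in ''|'#'*) continue ;; esac   # skip blanks and comments
        printf '%s\t%s\n' "$name" "$(classify_pw "$pw")"
    done
}

# Constructed sample entries (not from a real system; the hash is a placeholder).
sample_entries() {
    stars13=$(printf '%13s' '' | tr ' ' '*')     # exactly 13 asterisks
    printf '%s\n' \
        'daemon:*:1:1::0:0:daemon:/root:/sbin/nologin' \
        "keyuser:${stars13}:1000:1000::0:0:Key User:/home/keyuser:/bin/ksh" \
        'guest::1001:1001::0:0:Guest:/home/guest:/bin/ksh' \
        'alice:$2b$10$CONSTRUCTED.PLACEHOLDER:1002:1002::0:0:Alice:/home/alice:/bin/ksh'
}

sample_entries | audit_master_passwd
```

Accounts reported as `empty` are the ones the man page calls "almost invariably a mistake"; on a real system the input would be master.passwd itself, read with appropriate privileges.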