Alexander Hall <[email protected]> wrote: >On 05/04/12 00:06, Mike Erdely wrote: >> On Thu, May 3, 2012 at 5:43 PM, Alexander Hall<[email protected]> >wrote: >>> I'm not sure about this. The check in security is there for a >reason. If you >>> want to bypass it, it might be better to have to do it manually. >>> >>> The inconsistancy is annoying though, as is the >"*************"-trick, which >>> I believe is merely a way to make it seem like a password while it >is not. >> >> I see two separate issues. >> 1. The two ways to add users are inconsistent. >> 2. The security script may not be doing what it's supposed to if the >> password is "*************". >> >> So, I think either my diff should go in or we should change useradd. > >I bet there are more inconsistencies, and I don't know which one is >right, if anyone. > >> And/or maybe the security script should bitch if your password is >> "*************". > >A few years ago diffs (or at least discussions) allowing > > "*" word "*" > >(e.g. "*SSH*" or "*NOPASSWORD*"), as a more controlled '*************'.
...were discussed. > >In the end I don't think it went anywhere, but I'd rather see that. i.e. that security accepted /^\*.*\*$/ as a password for accounts with a valid shell. We probably don't want to rule out *************. > >/Alexander
