On 2010/04/20 13:04, Alexander Hall wrote: > On 04/20/10 08:37, Stuart Henderson wrote: > > On 2010-04-19, Andrew Klettke <aklet...@opticfusion.net> wrote: > >> Hello all, > >> > >> I'm having a (cosmetic) problem with a couple of OpenBSD boxes that are > >> using RADIUS authentication. > >> > >> When I install the OS, I create a local user with local authentication. > >> After the box's network config is all done, I then change the login > >> class of the user to so I can use RADIUS, by modifying > >> /etc/master.passwd with `vipw', so it looks like this: > >> (removed):*:1000:10:radius:0:0::/home/(removed):/bin/ksh > >> > >> The problem then occurs when /etc/security runs, as it gives the > >> following output: > >> > >> Checking the /etc/master.passwd file: > >> Login (removed) is off but still has a valid shell and alternate access > >> files in > >> home directory are still readable. > >> > >> This login is being used successfully with RADIUS, all is working as > >> expected, I just want to get rid of this error. Any input? > >> > > > > Set the encrypted password to ************* > > > > Thank you Stuart for not recommending hacking away on /etc/security but > instad provide the "correct" answer. :-) > > And while the awk-literate audience might have noticed that any > 13-character string would suffice, I'd say "*************" is indeed the > most prevalent form thereof.
For the record I dislike this loophole, but since it's there (and there were various complaints when I tried removing it), may as well make use of it. :)