On 09/02/2010 20:30, [email protected] wrote:
My only other comment is that in the past I've had to update i.shadow
to change the status of some accounts between *LK* and NP, so
sometimes we do actually want to change the password field because due
to legacy unix it is overloaded between the hashed password and the
special strings for locked and "Not Participating" (NP). However I
don't expect any more of those in the future and if so we can deal
with it via an SMF service. So this is just a "historical" comment
about what this does versus i.passwd and i.shadow that it replaces.
I actually had to make such a change to an user action recently since
either there had been a change in the base password file or I made a
mistake when I originally transcribed it into the action.
Perhaps the on-disk shadow file field should be left along only if it's
not *LK* or NP?
That would be a good compromise and catch all the cases I can think of.
> Do we support users changing them for accounts
> delivered with OpenSolaris?
Some shouldn't ever be changed, like gdm, others like postgres could be
useful to change them.
The rule could be if it is something other than *LK* or NP on disk then
leave it alone otherwise take what is in the plan.
That would be a nice future proofing enhancement but I'm also happy
enough with what Bart has implemented now.
--
Darren J Moffat
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
