> NP as I understood it means "Not Participating" rather than "No
> Password" and the reason we can't use *LK* is because pam_unix_account
> will not allow cron to run.
#define LOCKSTRING "*LK*" /* prefix to/string in sp_pwdp to lock acct */
#define NOLOGINSTRING "NP" /* sp_pwdp for no-login accounts */
If NP had't been shipping, I would have made it NL when I did
passwd -N. These are all consolidation private and not public
interfaces.
Gary..
> > "*NP*" can also show up in sp_pwdp. It again is a consolidation
> > private ... that indicates the password could not be retrieved
> > from the name service. There are various reasons this could
> > occur.
>
> *NP* means "No permission" and is as you say in sp_pwdp but it isn't
> actually stored. NIS+ and LDAP can both cause this to be returned via
> the nsswitch/nscd code but files and NIS don't I believe.
Not retrieved for various reasons. In LDAP it could be because
of ACLs or some other reasons. See the recent nss_ldap fixes.
Gary..
