On 2013/01/03 21:06, Chris Cappuccio wrote: > Tobias Ulmer [tobi...@tmux.org] wrote: > > Adding a user with a locked password is a deliberate action. > > Set the password to "*************" to stop security(8) from > > complaining about the new user. > > > > I think it'd make more sense if security(8) didn't flag :*: as unusual. Since > when is it unusual?
The warning isn't just for a :*:'d account, it's for such an account with "alternative access files", i.e. it's meant to tell you when you've disabled a password but forgotten about authorized_keys. Problem is, we now install an empty authorized_keys file from /etc/skel so this always triggers on a new :*:'d account. I'd rather prevent a 0-byte file from triggering security, or remove the empty file from skel.