Antoine Jacoutot wrote: > This diff adds 2 new options to usermod(8): > -U to unlock a user's password > -Z to lock a user's password
Today I was working with these two switches and really got confused. I've tested the following with snapshots from Jan 11 and 5.3-beta. I've got a user with 13 asterisks in the password field as described in passwd(5): test:*************:1002:1002::0:0:,,,:/home/test:/bin/ksh After locking the account with "usermod -Z test": test:*************:1002:1002::0:0:,,,:/home/test:/bin/ksh- After unlocking the account with "usermod -U test": test:************:1002:1002::0:0:,,,:/home/test:/bin 1) The login shell is broken. 2) The password field consists of 12 asterisks. I'd expect it to be just the same as it was before unlocking the account. This propably makes security(8) complain, and more importantly, it never adds an asterisk when locking but always removes an asterisk when unlocking, so the account would be accessible without a password after some lock-unlock cycles (at least the shell is still broken): test::1002:1002::0:0:,,,:/home/test:/bin Can't tell if this problem relates to users with normal password authentication. I did only test users with 13 asterisks in the password field. Regards André
