[Adduser-devel] Bug#308881: --disabled-password writes ! in /etc/shadow
Shaul Karl
Shaul Karl <shaulk@013.net>, 308881@bugs.debian.org
Fri, 13 May 2005 13:54:53 +0300
On Fri, May 13, 2005 at 07:44:19AM +0200, Marc Haber wrote:
> severity #308881 minor
> tags #308881 confirmed pending
> thanks
>
> Hi,
>
> On Fri, May 13, 2005 at 02:19:47AM +0300, Shaul Karl wrote:
> > adduser --system --disabled-password testuser
> >
> > writes ! in the encrypted password field of /etc/shadow
>
> This is the intended behavior
adduser --system --disabled-password testuser
and
adduser --system --disabled-login testuser
both writes ! in the encrypted password field of /etc/shadow. Is that
the intended behavior? In this case there is no distinction between
--{disabled-password,disabled-login}, is there?
The way I interpret the OPTIONS sections of the man page,
--disabled-login should have a stronger effect then --disabled-password:
--disabled-login
Do not run passwd to set the password. The user won't be able
to use her account until the password is set.
--disabled-password
Like --disabled-login, but logins are still possible for example
through SSH RSA keys, but not using password authentification.
Shouldn't --disabled-login use '!' and --disabled-password use '*'?
As an aside,
--- adduser.8 2005-05-13 13:35:19.000000000 +0300
+++ adduser.8 2005-05-13 13:37:10.000000000 +0300
@@ -178,7 +178,7 @@
.TP
.B \-\-disabled-password
Like \-\-disabled-login, but logins are still possible for example through
-SSH RSA keys, but not using password authentification.
+SSH RSA keys, but not using password authentication.
.TP
.B \-\-force\-badname
By default, user and group names are checked against a configurable