[Adduser-devel] Bug#412742: adduser: neither disabled{password,
login} disables the account
Justin Pryzby
justinpryzby at users.sourceforge.net
Tue Feb 27 19:56:47 CET 2007
Package: adduser
Version: 3.102
adduser has 2 options:
|adduser [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID]
|[--firstuid ID] [--lastuid ID] [--gecos GECOS] [--ingroup GROUP | --gid ID]
|[--disabled-password] [--disabled-login] USER
^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^
| Add a normal user
Internally, disabled-login seems to disable more than disabled-password:
"disabled-password" => sub { $ask_passwd = 0 },
"disabled-login" => sub { $disabled_login = 1; $ask_passwd = 0 },
And the manpage is consistent with this interpretation:
| --disabled-login
| Do not run passwd to set the password. The user won't be able
| to use her account until the password is set.
| --disabled-password
| Like --disabled-login, but logins are still possible (for exam-
| ple using SSH RSA keys) but not using password authentication.
So I expect disabled-password users to be able to login with RSA keys, and
disabled-login users to be completely disabled? Both of them accept RSA auth
over SSH. Is there some RSA auth that can happen locally??
disabled-login makes the shadow file have a "*":
| } else /* if ($ask_passwd) */ {
| if(!$disabled_login) {
| my $usermod = &which('usermod');
| &systemcall($usermod, '-p', '*', $new_name);
| }
| }
Is some broken login program supposed to be checking for * as a special case?
Are the 1-character flags [x!*] supposed to act differently?
Similar bugs include 389183.
More information about the Adduser-devel
mailing list