[Adduser-devel] Bug#625758: 'adduser --disabled-login' does not behave as documented.
matthew at woodcraft.me.uk
Thu May 5 17:56:37 UTC 2011
The adduser manpage in squeeze contains the following:
Do not run passwd to set the password. The user won't be able
to use her account until the password is set.
Like --disabled-login, but logins are still possible (for exam‐
ple using SSH RSA keys) but not using password authentication.
Similar text has been there for many years, but it hasn't really been
true in Debian since whenever 'UsePAM yes' became the default in
sshd_config: an account created using --disabled-login can still be used
to log in using public-key authentication without a password being set.
I think either the adduser manpage should be changed to not imply that
disabled-login will prevent SSH public-key logins, or else adduser
--disabled-login should be changed to do the equivalent of 'chage -E 1'.
Versions of packages adduser depends on:
ii debconf [de 22.214.171.124 Debian configuration management sy
ii passwd 1:126.96.36.199+svn3283-2+squeeze1 change and administer password and
ii perl-base 5.10.1-17 minimal Perl system
More information about the Adduser-devel