[Adduser-devel] Bug#625758: 'adduser --disabled-login' does not behave as documented.

Sam Morris sam at robots.org.uk
Fri Jul 26 10:35:12 UTC 2013

tag 625758 + patch

With --disabled-password, the password field is set to '!'; with
--disabled-login, it is set to '*'. pam_unix checks for both in

	} else if (!p || *hash == '*' || *hash == '!') {
		retval = PAM_AUTH_ERR;

Therefore I don't see the use of having both options, unless some other
software cares about the difference between the two values,

On the assumption that there is no such other software, here is an patch
to note that --disabled-login doesn't do anything that
--disabled-password can't.

I've also changed a few stray '-' characters to '\-'.

Sam Morris <https://robots.org.uk/>
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078
-------------- next part --------------
A non-text attachment was scrubbed...
Name: adduser-disabled-login.patch
Type: text/x-patch
Size: 2848 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20130726/3b70edad/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20130726/3b70edad/attachment.sig>

More information about the Adduser-devel mailing list