bugzilla-daemon at mindrot.org
2004-Mar-08 12:31 UTC
[Bug 811] locked /etc/shadow password prefix on linux
http://bugzilla.mindrot.org/show_bug.cgi?id=811
Summary: locked /etc/shadow password prefix on linux
Product: Portable OpenSSH
Version: 3.8p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: openssh at roumenpetrov.info
Current prefix for locked password is set to '!!'
This might is RedHat specific.
Slakware and SuSE use:
'!' - account(password) can be unlocked
'*' - account(password) always remain locked
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Mar-08 12:48 UTC
[Bug 811] locked /etc/shadow password prefix on linux
http://bugzilla.mindrot.org/show_bug.cgi?id=811
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
------- Additional Comments From dtucker at zip.com.au 2004-03-08 23:48 -------
What does the "lock account" command (ie passwd -l or equivalent) do?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Mar-09 06:23 UTC
[Bug 811] locked /etc/shadow password prefix on linux
http://bugzilla.mindrot.org/show_bug.cgi?id=811 ------- Additional Comments From openssh at roumenpetrov.info 2004-03-09 17:23 ------- passwd -l/-u : add/remove symbol '!' before password string passwd -S : report locked password when first symbol is '!' or '*' tested on some slackware and suse versions about '*' prefix. let account password contain '*' - passwd -S report locked after passwd -l : password is '!*' - passwd -S report locked after passwd -u : password is '*' - passwd -S report locked again after passwd -u : no changes in account state I dont have information for other distro. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Mar-30 03:28 UTC
[Bug 811] locked /etc/shadow password prefix on linux
http://bugzilla.mindrot.org/show_bug.cgi?id=811
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingO| |821
nThis| |
------- Additional Comments From dtucker at zip.com.au 2004-03-30 13:28 -------
I think we should just change LOCKED_PASSWD_PREFIX to "!" for all
Linuxes, which
will also work for Redhat.
Debian, Slackware and SuSE all use the upstream "shadow" package
(ftp://ftp.pld.org.pl/software/shadow) which does this to lock accounts:
strcpy (newpw, "!");
strcat (newpw, cp);
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Mar-30 03:30 UTC
[Bug 811] locked /etc/shadow password prefix on linux
http://bugzilla.mindrot.org/show_bug.cgi?id=811 ------- Additional Comments From dtucker at zip.com.au 2004-03-30 13:30 ------- Created an attachment (id=577) --> (http://bugzilla.mindrot.org/attachment.cgi?id=577&action=view) Use single "!" for LOCKED_PASSWD_PREFIX on Linuxes OK for 3.8.1p1? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Mar-30 03:44 UTC
[Bug 811] locked /etc/shadow password prefix on linux
http://bugzilla.mindrot.org/show_bug.cgi?id=811
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #577| |ok
Status| |
------- Additional Comments From djm at mindrot.org 2004-03-30 13:44 -------
(From update of attachment 577)
Fine by me
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Mar-30 04:04 UTC
[Bug 811] locked /etc/shadow password prefix on linux
http://bugzilla.mindrot.org/show_bug.cgi?id=811
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
------- Additional Comments From dtucker at zip.com.au 2004-03-30 14:04 -------
Patch applied, thanks for the report.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Mar-30 07:49 UTC
[Bug 811] locked /etc/shadow password prefix on linux
http://bugzilla.mindrot.org/show_bug.cgi?id=811
openssh at roumenpetrov.info changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |VERIFIED
------- Additional Comments From openssh at roumenpetrov.info 2004-03-30 17:49
-------
I agree with single '!' in prefix.
Prefix '*' is only for always locked (usualy "system")
accounts and might we can
skip that case.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Possibly Parallel Threads
- Announce: X.509 certificates support version 5.5.1 in OpenSSH 4.4p1
- [Bug 606] sshd [-t] should warn when cannot create pid file
- [Bug 605] make install don't create piddir
- OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
- Announce: X.509 certificates support v7.0 for OpenSSH version 5.9p1