From owner-freebsd-security  Mon May 25 05:33:25 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id FAA10026
          for freebsd-security-outgoing; Mon, 25 May 1998 05:33:25 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from bagira.fsz.bme.hu (mohacsi@bagira.fsz.bme.hu [152.66.76.5])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA09982
          for <freebsd-security@FreeBSD.ORG>; Mon, 25 May 1998 05:33:01 -0700 (PDT)
          (envelope-from mohacsi@bagira.fsz.bme.hu)
Received: from localhost (mohacsi@localhost)
	by bagira.fsz.bme.hu (8.9.0.Beta5/8.9.0.Beta3+BME-IIT) with SMTP id OAA03182;
	Mon, 25 May 1998 14:31:43 +0200 (MET DST)
Date: Mon, 25 May 1998 14:31:41 +0200 (MET DST)
From: Janos Mohacsi <mohacsi@fsz.bme.hu>
To: Wes Peters <wes@softweyr.com>
cc: freebsd-security@FreeBSD.ORG
Subject: Re: SKey and locked account
In-Reply-To: <35657CA6.D93AC10D@softweyr.com>
Message-ID: <Pine.SUN.3.96.980525142949.1404D-100000@bagira.fsz.bme.hu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk




On Fri, 22 May 1998, Wes Peters wrote:

> Date: Fri, 22 May 1998 07:24:54 -0600
> From: Wes Peters <wes@softweyr.com>
> To: Philippe Regnauld <regnauld@deepo.prosa.dk>
> Cc: Mike Smith <mike@smith.net.au>, freebsd-security@FreeBSD.ORG
> Subject: Re: SKey and locked account
> 
> Philippe Regnauld wrote:
> >         Ok -- just referrring to the man page:
> > 
> >         The password field is the encrypted form of the password.  If the
> >         password field is empty, no password will be required to gain access to
> >         the machine.  This is almost invariably a mistake.  Because these files
> >         contain the encrypted user passwords, they should not be readable by any-
> >         one without appropriate privileges.  Administrative accounts have a pass-
> >         word field containing an asterisk `*' which disallows normal logins.
> > 
> >         ... it doesn't mention the fact that they _also_ have an invalid
> >         shell.
> 
> Yeah, this little bit of UNIX arcana has been batted back and forth
> for years.  At least FreeBSD *has* a nologin program, see nologin(8).
> I don't like it, because it doesn't log the failed access.  Here's my 

Cannot be done a logging with the program with logger(1) ?

> replacement, which does:


Janos Mohacsi



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message