There is this * in the password field of the shadow file for certain accounts.
I know that the ! is to indicate a locked account but what does a * mean?
man 5 shadow does not reveal anything.
Feizhou wrote:
There is this * in the password field of the shadow file for certain accounts.
I know that the ! is to indicate a locked account but what does a * mean?
My understanding is that anything in that field that is not a valid encrypted password means the account is disabled. I believe that '!!' and '*' are simply 2 different conventions indicating the same thing.
-Steve
Steve wrote:
Feizhou wrote:
There is this * in the password field of the shadow file for certain accounts.
I know that the ! is to indicate a locked account but what does a * mean?
My understanding is that anything in that field that is not a valid encrypted password means the account is disabled. I believe that '!!' and '*' are simply 2 different conventions indicating the same thing.
Sigh. Documentation a bit wanting now is it not?
Even google does not give me anything...all I found where references to pam(7) to determine what happens but there is not any pam(7) man page.
-_-
Feizhou wrote:
Sigh. Documentation a bit wanting now is it not?
Even google does not give me anything...all I found where references to pam(7) to determine what happens but there is not any pam(7) man page.
* and ! are hard to search for. I used:
shadow exclamation asterisk
and hoped for the best.
Perhaps SCO will come out with a "Linux Has No Documentation!" campaign, pointing out that the documentation included with SCO Open Server is superior. (Which it is, BTW.)
After the countless, lengthy, point by point rebuttles we would surely have to endure, there would probably be no fewer than 10 new projects created to remedy the situation, all of which would be dead by Christmas, because documentation writing is soooooooo very boring, and a thankless task, as well.
-Steve
On Fri, 2006-06-09 at 10:33 -0500, Steve wrote:
Feizhou wrote:
<snip>
... be no fewer than 10 new projects created to remedy the situation, all of which would be dead by Christmas, because documentation writing is soooooooo very boring, and a thankless task, as well.
So what's GNUsworthy about that? Same old problem new millenium. Unlike taking a crap, folks don't care that the job's not done until the paperwork is complete. And since it's an unstructured, "do what you want to contrib" effort...
-Steve
<snip sigs>
William L. Maltby wrote:
So what's GNUsworthy about that? Same old problem new millenium. Unlike taking a crap, folks don't care that the job's not done until the paperwork is complete. And since it's an unstructured, "do what you want to contrib" effort...
I guess we're getting off topic, as this is hardly a CentOS only problem. But... documentation is a perfect example of where commercial entities can really help. Companies like RedHat can and do pay people to go through the drudgery of writing docs. And, to be fair, things are *much* better than they used to be. Today, you can pretty much count on being able to "man zwonkumd.conf" and get some documentation on that config file. Back in the RH 6.x days, I remember that was a rarity.
It wouldn't hurt, though, if more projects would take the "Until it's documented, we won't advertise it as a feature" attitude. I believe that Debian has such a policy about their distro.
Thing is, though, we CentOS users have little right to complain. Paying RH customers do. But we can hardly fault Johnny and gang. We have no recourse but to ask "Why hasn't someone documented XYZ?". To which the answer is the perenial "Because no one has cared enough to do it. Hey why don't *you* do it after you get it all figured out?". Which is always pretty irritating, because it is so true.
-Steve
On Fri, 2006-06-09 at 11:09 -0500, Steve wrote:
William L. Maltby wrote:
So what's GNUsworthy about that? Same old problem new millenium. Unlike
<snip>
I guess we're getting off topic, as this is hardly a CentOS only problem.
True and I hope all know that no one was speaking of CentOS, certainly, or any particular ...
But... documentation is a perfect example of where commercial entities can really help. Companies like RedHat can and do pay people to go through the drudgery of writing docs. And, to be fair, things are *much* better than they used to be. Today, you can pretty much count on being able to "man zwonkumd.conf" and get some documentation on that config file. Back in the RH 6.x days, I remember that was a rarity.
Yep to all. However, after initial doc generation, keeping it maintained as the system changes is an even harder task than the gen of initial versions. So one must ask "What is the worth of documentation that can not be relied upon to be accurate and current and complete *most* of the time"?
Then all the ball-buster "gurus" who say "read the code if you want to know what's really happening ..." kick in their $.02.
It wouldn't hurt, though, if more projects would take the "Until it's documented, we won't advertise it as a feature" attitude. I believe that Debian has such a policy about their distro.
That's an outfit that we can support.
Thing is, though, we CentOS users have little right to complain.
?? "If you can't complain, you're not trying hard enough!". ;-) We can complain in light of the overall environment, but *not* about CentOS in particular, IMO. Gen of non-<your-fav-distro>-specific docs is certainly outside the <your-fav-distro> project scope and anyone complaining to/about <your-fav-distro> is off base.
The project that creates/maintains the software/component is responsible for the failure. Undocumented project-specific changes are the only failure of a specific project.
Paying RH customers do. But we can hardly fault Johnny and gang. We have no recourse but to ask "Why hasn't someone documented XYZ?". To which the answer is the perenial "Because no one has cared enough to do it. Hey why don't *you* do it after you get it all figured out?". Which is always pretty irritating, because it is so true.
However, we do have the absolute defense: "Because I don't want to any more than you. Regardless of the fact that you generated the super-whiz- bang software, it places no obligation on me to do the drudge work you chose to ignore, nor does it reduce my right of free speech nor increase my debt of gratitude. You chose to develop it; I have no obligation to appreciate it at all. If I do so, *you* owe me, It's your ego that got satisfied. If there is less satisfaction because now I can't use it due to poor/no documentation, tough for you". :-)
-Steve
<snip sig stuff>
I speak as a former *long-term* developer who hated doing docs but did them anyway as a point of pride, concern for my users and egocentric individual who wanted to be able to say "No one would do it better". :-)
It only took a couple "lazy" times to come to that attitude.
On Fri, 2006-06-09 at 11:09 -0500, Steve wrote:
It wouldn't hurt, though, if more projects would take the "Until it's documented, we won't advertise it as a feature" attitude. I believe that Debian has such a policy about their distro.
That sounds like it would ensure that people know even less about the feature, are less likely to use it, and much less likely to reach the point of writing the docs about it.
Thing is, though, we CentOS users have little right to complain. Paying RH customers do. But we can hardly fault Johnny and gang. We have no recourse but to ask "Why hasn't someone documented XYZ?". To which the answer is the perenial "Because no one has cared enough to do it. Hey why don't *you* do it after you get it all figured out?". Which is always pretty irritating, because it is so true.
The thing you need to remember is that unix, hence linux, is designed to reuse small tools in many ways, thus reusing any features that were previously understood and/or documented without starting over. The minimum size of a working encrypted password entry is really an attribute of the encryption method, not particularly related to the way it is used in the shadow file.
On Fri, 2006-06-09 at 23:24 +0800, Feizhou wrote:
There is this * in the password field of the shadow file for certain accounts.
I know that the ! is to indicate a locked account but what does a * mean?
My understanding is that anything in that field that is not a valid encrypted password means the account is disabled. I believe that '!!' and '*' are simply 2 different conventions indicating the same thing.
Sigh. Documentation a bit wanting now is it not?
Even google does not give me anything...all I found where references to pam(7) to determine what happens but there is not any pam(7) man page.
There is a minimum number of characters (13?) that can possibly be an encrypted password and its salt. Anything less than that is locked out automatically since a match is impossible - it doesn't take a special case or convention.
Steve wrote:
Feizhou wrote:
There is this * in the password field of the shadow file for certain accounts.
I know that the ! is to indicate a locked account but what does a * mean?
My understanding is that anything in that field that is not a valid encrypted password means the account is disabled. I believe that '!!' and '*' are simply 2 different conventions indicating the same thing.
Yeah, apparently * is used on BSD systems instead of !.
So the pam code? probably just accepts either now.
-
Feizhou -
Les Mikesell -
Steve -
William L. Maltby