On Fri, 2006-06-09 at 23:24 +0800, Feizhou wrote:
> >
> >> There is this * in the password field of the shadow file for certain
> >> accounts.
> >>
> >> I know that the ! is to indicate a locked account but what does a * mean?
> >>
> > My understanding is that anything in that field that is not a valid
> > encrypted password means the account is disabled. I believe that '!!'
> > and '*' are simply 2 different conventions indicating the same thing.
> >
>
> Sigh. Documentation a bit wanting now is it not?
>
> Even google does not give me anything...all I found where references to
> pam(7) to determine what happens but there is not any pam(7) man page.
There is a minimum number of characters (13?) that can possibly be an
encrypted password and its salt. Anything less than that is locked
out automatically since a match is impossible - it doesn't take a
special case or convention.
--
Les Mikesell
lesmikesell at gmail.com