This one time, at band camp, Marc Haber said:
> On Mon, 09 May 2005 15:34:06 +0300, Shaul Karl <shaulk@013.net> wrote:
> >adduser(8) states that
> >
> > With the --disabled-login option, the account will be created but
> > will be disabled until a password is set. The --disabled-password
> > option will not set a password, but login are still possible for
> > example through SSH RSA keys.
> >
> >I wonder what is the difference?
>
> One disables the account, the other sets an invalid password. I think
> that the manpage is quite clear about that.
>
> >Perhaps what I really should have asked is about the contents of
> >/etc/{passwd,shadow}'s password field for disabled accounts.
>
> One is "*", the other is "!". I never know which is which.
* is disabled, IIRC, and ! is an invalid password (but would still allow
logging in with, e.g, an ssh key). Or so my (often faulty) memory says.
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : sgran@debian.org |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
Attachment:
pgpV1MtNuMYxB.pgp
Description: PGP signature