This one time, at band camp, Thomas Bushnell BSG said:
> Stephen Frost <sfrost@snowman.net> writes:
>
> > * Thomas Bushnell BSG (tb@becket.net) wrote:
> >> Stephen Frost <sfrost@snowman.net> writes:
> >>
> >> > Leaving around unused accounts is plainly wrong too, and also a
> >> > potential security risk.
> >>
> >> Can you outline the risk please?
> >
> > Sure.  Locking accounts isn't necessarily perfect.
>
> What is an account in the password file?  It's nothing more than the
> ability to log in under a given UID.  How is a starred password
> anything other than perfect locking of the account?

Many authentication systems do not use pam or shadow authentication.
That's the point of the counter argument.  I remember setting up ssh
authorized keys for uucp, and that is a locked account (of course the
command set and the host range were limited, but you see the point).

-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
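The point made in this message, as an added audit example that is not part of the original post: the script lists accounts whose shadow password field starts with `*` or `!` but which still have SSH public keys installed. The key file location `~/.ssh/authorized_keys`, the function names and all sample data are assumptions constructed for illustration; whether sshd accepts such a key depends on its configuration.

```python
import os
import tempfile

LOCK_MARKERS = ("*", "!")  # a shadow hash field starting with either never matches a password

def rows(text):
    """Split passwd/shadow style text into colon-separated fields, skipping blanks and comments."""
    return [l.split(":") for l in text.splitlines() if l.strip() and not l.startswith("#")]

def key_reachable_locked_accounts(passwd_text, shadow_text, root="/"):
    """Return [(user, key_file, key_count)] for password-locked accounts that still hold SSH keys."""
    locked = {f[0] for f in rows(shadow_text) if len(f) > 1 and f[1].startswith(LOCK_MARKERS)}
    findings = []
    for f in rows(passwd_text):
        if len(f) < 7 or f[0] not in locked:
            continue
        # Assumption: keys live in the default per-user location under the home directory.
        path = os.path.join(root, f[5].lstrip("/"), ".ssh", "authorized_keys")
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                keys = [l for l in fh if l.strip() and not l.lstrip().startswith("#")]
        except OSError:
            continue  # no key file (or unreadable): the password lock is all there is
        if keys:
            findings.append((f[0], path, len(keys)))
    return findings

# Constructed sample data: uucp and games both have a starred password field.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
games:x:5:60:games:/usr/games:/bin/sh"""
SAMPLE_SHADOW = """root:$6$constructed$notarealhash:12000:0:99999:7:::
uucp:*:12000:0:99999:7:::
games:*:12000:0:99999:7:::"""

def build_sample_root():
    """Create a throwaway tree where only uucp has a (restricted, constructed) key."""
    root = tempfile.mkdtemp()
    ssh_dir = os.path.join(root, "var/spool/uucp/.ssh")
    os.makedirs(ssh_dir)
    with open(os.path.join(ssh_dir, "authorized_keys"), "w") as fh:
        fh.write('# constructed entry, not a real key\n'
                 'command="/usr/sbin/uucico",from="192.0.2.10" ssh-ed25519 AAAAEXAMPLE uucp@peer\n')
    return root

if __name__ == "__main__":
    hits = key_reachable_locked_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW, build_sample_root())
    for user, path, count in hits:
        print(f"{user}: password locked, but {count} key(s) in {path}")
```

On a real host, pass the contents of `/etc/passwd` and `/etc/shadow` and leave `root` at its default.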