Re: adduser: disabling passwords, disabling logins
On Thu, 10 Mar 2022 13:57:13 +0200, Wouter Verhelst
<wouter@debian.org> wrote:
>On Wed, Mar 09, 2022 at 09:00:22PM +0100, Marc Haber wrote:
>> On Tue, 8 Mar 2022 18:40:11 +0000, Simon McVittie <smcv@debian.org>
>> >--disabled-login: the new account has an empty password but is "locked";
>> >so password authentication will fail, but "unlocking" the account will
>> >result in login being accepted with a blank password (subject to other
>> >policies like ssh PermitEmptyPasswords and PAM nullok)
>>
>> that way, --disabled-login doesnt sound desireable at all, it would
>> violate the principle of least surprise at least for me. I'd have
>> expected (and always believed) that a password of ! will also prevent
>> ssh-key logins from happening.
>
>I don't see how that follows from Simon's statement? AIUI, he's saying
>that that is true *until" you unlock the account (which essentially
>means dropping the "!" from the passwd file).
>
>Am I misreading something here?
I have re-read Simon's words and still have the interpretation that
unlocking an account that has been created with -disabled-login will
allow login without password, making the account completely open.
Maybe some native speaker might want to bring light into this by
choosing different words for what Simon wrote.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
Reply to: