2010-11-05 08:43:44 +00:00
|
|
|
diff -up man-pages-3.30/man5/passwd.5.pom man-pages-3.30/man5/passwd.5
|
|
|
|
|
--- man-pages-3.30/man5/passwd.5.pom 2010-11-01 15:55:41.000000000 +0100
|
|
|
|
|
+++ man-pages-3.30/man5/passwd.5 2010-11-05 09:33:57.000000000 +0100
|
|
|
|
|
@@ -45,11 +45,20 @@ hardware was too slow to crack a well-ch
|
2007-05-11 08:49:44 +00:00
|
|
|
basic assumption used to be that of a friendly user-community.
|
|
|
|
|
These days many people run some version of the shadow password suite, where
|
2007-02-27 11:33:31 +00:00
|
|
|
.I /etc/passwd
|
2007-05-11 08:49:44 +00:00
|
|
|
-has asterisks (*) instead of encrypted passwords,
|
|
|
|
|
+has "x" instead of encrypted passwords,
|
2007-02-27 11:33:31 +00:00
|
|
|
and the encrypted passwords are in
|
2010-11-05 08:43:44 +00:00
|
|
|
.IR /etc/shadow ,
|
2007-02-27 11:33:31 +00:00
|
|
|
which is readable by the superuser only.
|
|
|
|
|
.PP
|
2011-01-25 15:54:13 +00:00
|
|
|
+If the encrypted password, whether in /etc/passwd or in /etc/shadow, is
|
|
|
|
|
+an empty string, login is allowed without even asking for a password.
|
|
|
|
|
+Note that this functionality may be intentionally disabled in applications,
|
|
|
|
|
+or configurable (for example using the "nullok" or "nonull" arguments to
|
|
|
|
|
+pam_unix.so).
|
|
|
|
|
+.PP
|
|
|
|
|
+If the encrypted password in /etc/passwd is "*NP*" (without the quotes),
|
|
|
|
|
+the shadow record should be obtained from a NIS+ server.
|
2007-02-27 11:33:31 +00:00
|
|
|
+.PP
|
2010-11-05 08:43:44 +00:00
|
|
|
Regardless of whether shadow passwords are used, many system administrators
|
2007-02-27 11:33:31 +00:00
|
|
|
use an asterisk in the encrypted password field to make sure
|
|
|
|
|
that this user can not authenticate him- or herself using a
|
