--- man-pages-2.43/man5/passwd.5.pom 2006-07-05 14:45:41.000000000 +0200 +++ man-pages-2.43/man5/passwd.5 2007-02-27 12:23:27.000000000 +0100 @@ -45,11 +45,20 @@ basic assumption used to be that of a friendly user-community. These days many people run some version of the shadow password suite, where .I /etc/passwd -has asterisks (*) instead of encrypted passwords, +has "x" instead of encrypted passwords, and the encrypted passwords are in .I /etc/shadow which is readable by the superuser only. .PP +If the encrypted password, whether in /etc/passwd or in /etc/shadow, is +an empty string, login is allowed without even asking for a password. +Note that this functionality may be intentionally disabled in applications, +or configurable (for example using the "nullok" or "nonull" arguments to +pam_unix.so). +.PP +If the encrypted password in /etc/passwd is "*NP*" (without the quotes), +the shadow record should be obtained from a NIS+ server. +.PP Regardless of whether shadow passwords are used, many sysadmins use an asterisk in the encrypted password field to make sure that this user can not authenticate him- or herself using a