diff -up man-pages-3.30/man5/passwd.5.pom man-pages-3.30/man5/passwd.5 --- man-pages-3.30/man5/passwd.5.pom 2010-11-01 15:55:41.000000000 +0100 +++ man-pages-3.30/man5/passwd.5 2010-11-05 09:33:57.000000000 +0100 @@ -45,11 +45,20 @@ hardware was too slow to crack a well-ch basic assumption used to be that of a friendly user-community. These days many people run some version of the shadow password suite, where .I /etc/passwd -has asterisks (*) instead of encrypted passwords, +has "x" instead of encrypted passwords, and the encrypted passwords are in .IR /etc/shadow , which is readable by the superuser only. .PP +If the encrypted password, whether in /etc/passwd or in /etc/shadow, is. +an empty string, login is allowed without even asking for a password.. +Note that this functionality may be intentionally disabled in applications,. +or configurable (for example using the "nullok" or "nonull" arguments to. +pam_unix.so).. +.PP. +If the encrypted password in /etc/passwd is "*NP*" (without the quotes),. +the shadow record should be obtained from a NIS+ server.. +.PP Regardless of whether shadow passwords are used, many system administrators use an asterisk in the encrypted password field to make sure that this user can not authenticate him- or herself using a