On Fri, Apr 20, 2001 at 01:41:30AM +0100 or thereabouts, Vincent Cunniffe wrote:
> What's the difference between * and !! for the password field in
> /etc/shadow under Linux?
>> I've been poking around, and all of the standard system accounts
> such as bin, daemon, etc have *, which translates as 'No Password
> Set', and stuff such as squid or other brand-new users have their
> entries set to !!, which translates as 'Locked Password'. Neither
> can log into the system.
>> Anyone care to expound on the difference between these, and the
> security reasoning behind it?
One use I've seen for the * is to force key-pair authentication for ssh
connections. If a user account has the *, one cannot use a password to
login but one can connect with ssh and a proper key pair.
Met Eireann, Glasnevin Hill, Dublin 9, Ireland
Ph +353 1 8064217 Fax +353 1 8064275
8:47am up 10 days, 17:58, 7 users, load average: 0.01, 0.02, 0.00
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!