Your message dated Tue, 2 Sep 2008 00:24:16 +0930
with message-id <[EMAIL PROTECTED]>
and subject line Re: [Pkg-shadow-devel] Bug#496789: passwd(1) still describes
the old behaviour of --lock
has caused the Debian Bug report #496789,
regarding passwd(1) still describes the old behaviour of --lock
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
496789: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496789
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: passwd
Version: 1:4.1.1-4
Severity: normal
Hi,
The passwd man page currently says:
-l, --lock
Lock the password of the named account. This option disables a password
by changing it to a value which matches no possible encrypted value (it
adds a ´!´ at the beginning of the password).
Note that this does not disable the account. The user may still be able
to login using another authentication token (e.g. an SSH key).
To disable the account, administrators should use usermod --expiredate 1
(this set the account´s expire date to Jan 2, 1970).
Since the 'Note' now seems to be the default behaviour (which I do like :), it
should probably either be reworded to reflect that, or dropped entirely. I'd
guess the former will probably cause the least confusion while people readjust
their expectation of what -l does.
Thanks!
Ron
--- End Message ---
--- Begin Message ---
On Mon, Sep 01, 2008 at 01:14:59AM +0200, Nicolas François wrote:
> On Wed, Aug 27, 2008 at 10:25:59PM +0930, [EMAIL PROTECTED] wrote:
> >
> > The passwd man page currently says:
> >
> > -l, --lock
> > Lock the password of the named account. This option disables a
> > password
> > by changing it to a value which matches no possible encrypted value
> > (it
> > adds a ´!´ at the beginning of the password).
> >
> > Note that this does not disable the account. The user may still be
> > able
> > to login using another authentication token (e.g. an SSH key).
> > To disable the account, administrators should use usermod
> > --expiredate 1
> > (this set the account´s expire date to Jan 2, 1970).
>
> In my understanding, the two paragraphs are consistent with the current
> (1:4.1.1-4) passwd.
>
> I prefer to describe what -l does, and give additional information to
> avoid misread.
Sorry, this appears to be my confusion as a result of still having a machine
on 1:4.1.1-1. I knew it had changed, then couldn't remember which way and
found the man page I read to disagree with the observed behaviour when I
tested it -- but you are correct, in current versions the man page does
describe the current behaviour, and that's all I was asking for. I just
missed that it had changed back to the original behaviour again and that
I hadn't updated everywhere yet.
My apologies for the noise,
Ron
--- End Message ---
