We just had some spam sent via our webmail. Turns out we had an account with a blank password but the shell set to /sbin/nologin (RedHat Linux). The webmail client was able to login with random passwords. This seems to be true logging in with Alpine also - random passwords work, but blank ones do not.
I suspect that this is standard Linux behaviour and stupidity on our part. However, the ability to login with random passwords that are not checked is a bit bizarre.
-- Andrew Daviel, TRIUMF, Canada Tel. +1 (604) 222-7376 (Pacific Time) Network Security Manager _______________________________________________ Imap-uw mailing list Imap-uw@u.washington.edu http://mailman2.u.washington.edu/mailman/listinfo/imap-uw