[SunHELP] Difference between NP and *LK* in shadow file
Pedro Román Vela
Pedro.Roman at ydilo.com
Mon Apr 28 15:01:53 CDT 2003
As far as I know, it's just a matter of taste. Both are strings the hashing
algorithm that converts the password you write into a unique string will
never produce, so the accounts are effectively "locked" from common login
access.
I think the locking you are talking about has more to do with disabling any
possibility of logging into that account, by setting the shell to /dev/null,
for example.
-----Original Message-----
From: Simoncini, Matthew [mailto:Matthew.Simoncini at bsci.com]
Sent: lunes, 28 de abril de 2003 20:20
To: 'Dale Ghent'; Simoncini, Matthew
Cc: 'sunhelp at sunhelp.org'
Subject: RE: [SunHELP] Difference between NP and *LK* in shadow file
Thank you for all of the responses, but I should have stated in my first
post that I know that *LK* means locked and NP means No Password. I should
have clarified that the information that I'm interested in has more to do
with security and usability. We have certain applications that require a
Solaris userid to run, but no one will ever actually log in as this
particular user. Is it more accepted to input a NP in the password field of
/etc/shadow or to lock the account by using the 'passwd -l' option?
I'm not sure, but many of you might be running the Sun NetConnect for
monitoring your systems. Prior to the install, you must create a userid for
NetConnect so that any processes not needing root privilege will run as the
newly created user. The install directions say not to lock the account, but
essentially disable the login ability by using NP in the password field.
These directions from Sun prompted my boss to ask me the difference in *LK*
and NP.
Thanks again for all the responses so far.
Matthew Simoncini
Unix Administrator
Boston Scientific / Accenture
> -----Original Message-----
> From: Dale Ghent [mailto:daleg at elemental.org]
> Sent: Monday, April 28, 2003 2:10 PM
> To: Simoncini, Matthew
> Cc: 'sunhelp at sunhelp.org'
> Subject: Re: [SunHELP] Difference between NP and *LK* in shadow file
>
>
> On Monday, Apr 28, 2003, at 11:56 US/Eastern, Simoncini,
> Matthew wrote:
>
> > Hello gurus,
> >
> > I may be showing my ignorance on this question, but what's the
> > difference
> > between NP and *LK* in the shadow file? I'm just shooting this
> > question off
> > quickly because someone asked me and I don't have the time
> to research
> > it,
> > but knew someone here would have the answer.
>
> *LK* means that the account is "locked" or disabled.
>
> This is the default state for a newly created account until a new
> password is set, or when an account is locked via the usermod utility.
>
> /ek
> http://elektronkind.org/
_______________________________________________
SunHELP maillist - SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp
--------------------------------------------------------------------------------------
This message and any files transmitted with it are confidential and intended solely
for the use of the individual or entity to whom they are addressed. No confidentiality
or privilege is waived or lost by any wrong transmission.
If you have received this message in error, please immediately destroy it and kindly
notify the sender by reply email.
You must not, directly or indirectly, use, disclose, distribute, print, or copy any
part of this message if you are not the intended recipient. Opinions, conclusions and
other information in this message that do not relate to the official business of
Ydilo Advanced Voice Solutions, S.A. shall be understood as neither given nor endorsed by it.
--------------------------------------------------------------------------------------
More information about the SunHELP
mailing list