Monday, February 25, 2019

Re: security - preferred way to make check_access_file happy?

On 2019/02/25 18:20, Theo Buehler wrote:
> On Mon, Feb 25, 2019 at 05:14:50PM +0000, Stuart Henderson wrote:
> > On 2019/02/25 09:13, Adam Thompson wrote:
> > > > Use vipw to put 13 * in the password field
> > > >
> > > > From passwd(5)
> > > > [...]
> > > > authentication, conventionally have 13 asterisks in the password field.
> > >
> > > Thank you! Now that I know what I'm looking for, I can see the relevant
> > > code in security(8), too.
> > >
> > > I wonder if there's a way for ports to do that for me while calling useradd?
> > > Another rabbit hole to go down.
> > >
> > > Thanks again,
> > > -Adam
> > >
> >
> > It normally does already. Do you have an unusual "password" line in /etc/usermgmt.conf?
>
> I think the user(8) behavior changed in that regard in user.c rev 1.112
> https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/user/user.c.diff?r1=1.111&r2=1.112
>
> @@ -1130,16 +1082,8 @@
> warnx("Warning: home directory `%s' doesn't exist, and -m was"
> " not specified", home);
> }
> - if (up->u_password != NULL && valid_password_length(up->u_password)) {
> - (void) strlcpy(password, up->u_password, sizeof(password));
> - } else {
> - (void) memset(password, '*', DES_Len);
> - password[DES_Len] = 0;
> - if (up->u_password != NULL) {
> - warnx("Password `%s' is invalid: setting it to `%s'",
> - up->u_password, password);
> - }
> - }
> + (void) strlcpy(password, up->u_password ? up->u_password : "*",
> + sizeof(password));
> cc = snprintf(buf, sizeof(buf), "%s:%s:%u:%u:%s:%lld:%lld:%s:%s:%s\n",
> login_name,
> password,
>
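
Review bot: The fallback in the added strlcpy() call writes a single "*" when up->u_password is NULL, where the removed else branch filled the field with DES_Len asterisks. The passwd(5) excerpt quoted earlier in this thread says such accounts conventionally have 13 asterisks in the password field, so a user created without an explicit password no longer gets that marker; consider keeping the DES_Len asterisk fill for the NULL case. The same added line also drops the valid_password_length() check and its warnx(), so a malformed u_password is copied verbatim, and because the strlcpy() return value is cast to void, a value longer than sizeof(password) would be truncated with no diagnostic. Comparing the return value against sizeof(password) and warning on overflow would restore a signal there.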

Ah yes - I must have been looking at users from old installed
packages. Now I scroll down further I see them too..
