:-) I hope that users don't do that. Changing the shadow field to "*" or "!" is what you mean. (The thing with * and ! used to be mentioned in some manpage; This is how the passwd program under Linux locks a password: It just prepends a "!". these characters may not even be in the target set of the crypt(3) algorythm.)
Yes setting to "*" via 'passwd" would be bad. Or MD5, etc. In general setting the password field "manually" basically disables the acocunt.
*** With a SuSE, you might experience problems with this method of securing the root account: You are required to enter the root password if you boot into single user mode or when your file system check failed at boot time.
By the time you need to do that you may as well boot from a rescue floppy disk, at least that is my opinion.
Thanks, Roman.
Kurt Seifried SecurityPortal, your focal point for security on the net http://www.securityportal.com/