http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c23
Dr. Werner Fink changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P5 - None |P3 - Medium
Component|Installation |Basesystem
QAContact|jsrain@novell.com |qa@suse.de
--- Comment #23 from Dr. Werner Fink 2010-08-13 08:33:29 UTC ---
On some systems tw exclamation marks indicate that the password has not been
set yet and the account is locked. But AFAICS our useradd simply disables
(== one exclamation mark) is no password was specified. On a standard
installation of an openSUSE there should be only asterisk or if the account
is locked only one exclamation mark e.g. by using `passwd -l <user>' or
`usermod -L <user>'
.. but during my debugging I've found that usermod creates a file
/etc/shadow.old. Now locking leads to
# usermod -L nobody
# grep nobody /etc/shadow*
/etc/shadow:nobody:*:13595::::::
/etc/shadow.old:nobody:!*:13595::::::
# passwd -u nobody# grep nobody /etc/shadow*
/etc/shadow:nobody:*:13595::::::
/etc/shadow.old:nobody:!*:13595::::::
that leads me to the conclusion that those two exclamation marks exsists
a long time in your /etc/shadow by e.g. using an older version of usermod
adding a exclamation mark even if the account was already locked.
The current tool reject locking twice:
# passwd -l nobody
Password for `nobody' is already locked!
.. OK now let's see what happens on a 11.3:
# usermod -L nobody
# grep nobody /etc/shadow*
/etc/shadow:nobody:!*:14832::::::
/etc/shadow.old:nobody:*:14832::::::
# su nobody
su: incorrect password
.. that is a bug on 11.3 as locking the user nobody with system tools
causes that even root can do an su to an locked account.
The question is: does this bug belong to PAM or to su.
Hand over to Philipp and Michael.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.