/etc/shadow Locked accounts

[redhat at buglecreek.com]

On Thu, 13 Oct 2005 07:59:43 -0700, "Waldher, Travis R"
<Travis.R.Waldher at boeing.com> said:
> > -----Original Message-----
> > From: Rick Stevens [mailto:rstevens at vitalstream.com]
> > Sent: Wednesday, October 12, 2005 5:52 PM
> > To: Getting started with Red Hat Linux
> > Subject: Re: /etc/shadow Locked accounts
> > 
> > On Wed, 2005-10-12 at 14:19 -0600, redhat at buglecreek.com wrote:
> > > On a RedHat ES 4 system I was checking for null passwords in
> /etc/shadow
> > > and came across a "x" in the encrypted password field (2nd field)
> for  a
> > > few accounts.  I have seen "!" "!!" and "*" for locked accounts but
> have
> > > not come across a "x". The x does seem to lock the accounts however,
> > > which is what I want.  Anyone know what program may have placed the
> x in
> > > the field? The "usermod -L" and "passwd -l" commands does not seem
> to.
> > > Also, does it have the same effect as "!"?  I was just curious if
> anyone
> > > else has seen this.
> > 
> > Smells like a hack job to me.  /etc/shadow should have an encrypted
> > password or a single or double "!" in it.  It should NEVER have a
> single
> > character.  It should render the password invalid, however, as there
> > is no encryption system I know of that would generate a single
> character
> > as the encrypted string.
> > 
> 
> While this isn't a hack, this would be a hack job of administration.
> 
> To reproduce this "x", do this:
> 
> 1) manually edit the /etc/passwd file, create a user account
> 2) Place an "x" in the password field
> 	user1:x:600:600::/home/user1:/bin/bash
> 3) execute pwconv
> 
> Pwconv will place an "x" in the password field of the shadow file for
> that user.   This still does this on the initial release of AS4.0/FC,
> I'm not sure if a security patch has come out to address this.
> 
> Travis
> 


Interesting. I tried to reproduce the "x", but did not think of using
pwconv.  I tried it and yes it does place an "x" in /etc/shadow.  Thanks