|
|
adding a * in front of the encrypted pw should be enough
I didn't want the original password to go away.
Actually accroding to Unix wisdom, just inserting a "*" in front of the encrypted password should be enough. The "*" is outside of the range of characters that the crypt() library uses to encrypt passwords. That way the users password cannot be checked, result: No login possible. When you want to re-enable login with the same password, you just remove the "*" in front of the password. I haven't tryed it on Mac OS X, but this would be the Unix way of doing it. Also as an additional measure of security set the shell to "/sbin/nologin".
adding a * in front of the encrypted pw should be enough
Ok, so just to clarify what you're saying here, if a user's hashed password is, say, Q2w3E4r5T6y, then you can disable that account by simply changing it to *Q2w3E4r5T6y, and it can be restored by changing it back to Q2w3E4r5T6y? I didn't realize that hashed passwords could be tampered with at all without damaging them, so I've always made a point of leaving /etc/passwd alone for the most part (read-only usage only, no editing except by shell tools like "passwd").
So would something like this be considered the canonical way to disable logins on OSX? I know that some things are different here than on other Unixes, and I'm trying to get in the habit of doing things the OSX way...
adding a * in front of the encrypted pw should be enough
If you modify the encrypted password, chances are it'll be very hard (if not impossible) to guess what the unencrypted version will be. So by adding a char to the beginning (especially a char that isn't valid in an encrypted password) you're changing the unencrypted password to something that the user won't be able to guess.
re: adding a * in front of the encrypted pw should be enough
True, adding a * would do this as well, but I think the method I use is much more elegant. To me, it's a lot easier to insert a value then destroy that value instead of actually tampering with the password itself. |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:Hints1 new Hints in the last 24 hoursComments last 2 daysNo new commentsLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.09 seconds |
|