|
|
adding a * in front of the encrypted pw should be enough
Ok, so just to clarify what you're saying here, if a user's hashed password is, say, Q2w3E4r5T6y, then you can disable that account by simply changing it to *Q2w3E4r5T6y, and it can be restored by changing it back to Q2w3E4r5T6y? I didn't realize that hashed passwords could be tampered with at all without damaging them, so I've always made a point of leaving /etc/passwd alone for the most part (read-only usage only, no editing except by shell tools like "passwd").
So would something like this be considered the canonical way to disable logins on OSX? I know that some things are different here than on other Unixes, and I'm trying to get in the habit of doing things the OSX way...
adding a * in front of the encrypted pw should be enough
If you modify the encrypted password, chances are it'll be very hard (if not impossible) to guess what the unencrypted version will be. So by adding a char to the beginning (especially a char that isn't valid in an encrypted password) you're changing the unencrypted password to something that the user won't be able to guess. |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:Hints1 new Hints in the last 24 hoursComments last 2 daysNo new commentsLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.09 seconds |
|