Path: utzoo!mnetor!uunet!lll-winken!lll-lcc!ames!ll-xn!mit-eddie!bloom-beacon!gatech!mcnc!rti!tijc02!pjs269
From: pjs269@tijc02.UUCP (Paul Schmidt        )
Newsgroups: sci.crypt
Subject: Re: Re: Re: Unix Password Hacker
Message-ID: <206@tijc02.UUCP>
Date: 25 Feb 88 14:11:42 GMT
References: <731@ddsw1.UUCP> <657@morningdew.BBN.COM> <24582@cca.CCA.COM> <7271@brl-smoke.ARPA> <205@tijc02.UUCP> <7317@brl-smoke.ARPA>
Distribution: na
Organization: Texas Instr., Johnson City TN
Lines: 14

> You're wrong.  The SVID permits an empty field in /etc/passwd with the
> real passwords stored elsewhere (I suggested "*" in the field, rather
> than empty, because currently an empty field is taken to mean that no
> password is required).  IEEE 1003.1 (POSIX) no longer requires the
> password to be stored in /etc/passwd either.
> 
> It seems some operating system specifiers agree with my suggestion now
> and will continue to do so.


You are right.  POSIX says that "If the encoded password contains characters 
outside the 64-character alphabet, the meaning is implementation-dependent."
(as of Nov 1987)  The "*" in the password is then a good idea.

Paul Schmidt