On 2010/04/20 13:04, Alexander Hall wrote:
quoted text
> On 04/20/10 08:37, Stuart Henderson wrote:
> > On 2010-04-19, Andrew Klettke <aklettke@opticfusion.net> wrote:
> >> Hello all,
> >>
> >> I'm having a (cosmetic) problem with a couple of OpenBSD boxes that are 
> >> using RADIUS authentication.
> >>
> >> When I install the OS, I create a local user with local authentication. 
> >> After the box's network config is all done, I then change the login 
> >> class of the user to so I can use RADIUS, by modifying 
> >> /etc/master.passwd with `vipw', so it looks like this:
> >> (removed):*:1000:10:radius:0:0::/home/(removed):/bin/ksh
> >>
> >> The problem then occurs when /etc/security runs, as it gives the 
> >> following output:
> >>
> >> Checking the /etc/master.passwd file:
> >> Login (removed) is off but still has a valid shell and alternate access files in
> >> 	 home directory are still readable.
> >>
> >> This login is being used successfully with RADIUS, all is working as 
> >> expected, I just want to get rid of this error. Any input?
> >>
> > 
> > Set the encrypted password to *************
> > 
> 
> Thank you Stuart for not recommending hacking away on /etc/security but
> instad provide the "correct" answer. :-)
> 
> And while the awk-literate audience might have noticed that any
> 13-character string would suffice, I'd say "*************" is indeed the
> most prevalent form thereof.

For the record I dislike this loophole, but since it's there (and
there were various complaints when I tried removing it), may as well
make use of it. :)