From c3e1cb406520610fd64f57b74a403764f1c81264 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Thu, 3 May 2012 08:20:41 +1200 Subject: [PATCH] passwd.5: Upstream pieces from Red Hat/Fedora Note mention of empty password field. Add description of "*NP*" in password field. Signed-off-by: Michael Kerrisk --- man5/passwd.5 | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/man5/passwd.5 b/man5/passwd.5 index 9c23fc164..5c32108c9 100644 --- a/man5/passwd.5 +++ b/man5/passwd.5 @@ -26,7 +26,7 @@ .\" Modified Sun Jun 18 01:53:57 1995 by Andries Brouwer (aeb@cwi.nl) .\" Modified Mon Jan 5 20:24:40 MET 1998 by Michael Haardt .\" (michael@cantor.informatik.rwth-aachen.de) -.TH PASSWD 5 2012-02-14 "Linux" "Linux Programmer's Manual" +.TH PASSWD 5 2012-05-03 "Linux" "Linux Programmer's Manual" .SH NAME passwd \- password file .SH DESCRIPTION @@ -50,6 +50,20 @@ and the encrypted passwords are in .IR /etc/shadow , which is readable by the superuser only. .PP +If the encrypted password, whether in +.I /etc/passwd +or in +.IR /etc/shadow , +is an empty string, login is allowed without even asking for a password. +Note that this functionality may be intentionally disabled in applications, +or configurable (for example using the "nullok" or "nonull" arguments to +pam_unix.so). +.PP +If the encrypted password in +.I /etc/passwd +is "\fI*NP*\fP" (without the quotes), +the shadow record should be obtained from an NIS+ server. +.PP Regardless of whether shadow passwords are used, many system administrators use an asterisk (*) in the encrypted password field to make sure that this user can not authenticate him- or herself using a