[Pkg-shadow-devel] Bug#496789: passwd(1) still describes the old behaviour of --lock
ron at debian.org
Wed Aug 27 12:55:59 UTC 2008
The passwd man page currently says:
Lock the password of the named account. This option disables a password
by changing it to a value which matches no possible encrypted value (it
adds a ´!´ at the beginning of the password).
Note that this does not disable the account. The user may still be able
to login using another authentication token (e.g. an SSH key).
To disable the account, administrators should use usermod --expiredate 1
(this set the account´s expire date to Jan 2, 1970).
Since the 'Note' now seems to be the default behaviour (which I do like :), it
should probably either be reworded to reflect that, or dropped entirely. I'd
guess the former will probably cause the least confusion while people readjust
their expectation of what -l does.
More information about the Pkg-shadow-devel