[Pkg-shadow-devel] Bug#496789: Bug#496789: passwd(1) still describes the old behaviour of --lock

Nicolas François nicolas.francois at centraliens.net
Sun Aug 31 23:14:59 UTC 2008


On Wed, Aug 27, 2008 at 10:25:59PM +0930, ron at debian.org wrote:
> The passwd man page currently says:
>    -l, --lock
>        Lock the password of the named account. This option disables a password
>        by changing it to a value which matches no possible encrypted value (it
>        adds a ´!´ at the beginning of the password).
>        Note that this does not disable the account. The user may still be able
>        to login using another authentication token (e.g. an SSH key).
>        To disable the account, administrators should use usermod --expiredate 1
>        (this set the account´s expire date to Jan 2, 1970).
> Since the 'Note' now seems to be the default behaviour (which I do like :), it
> should probably either be reworded to reflect that, or dropped entirely.  I'd
> guess the former will probably cause the least confusion while people readjust
> their expectation of what -l does.

Sorry, I don't really understand what you would like to change.
In my understanding, the two paragraphs are consistent with the current
(1:4.1.1-4) passwd.

I prefer to describe what -l does, and give additional information to
avoid misread.
If I reverse the two paragraphs, I don't think it will be clearer (there
are a lot of other thinks that passwd -l does not do).

Would you have a proposal?

Thanks in advance,

More information about the Pkg-shadow-devel mailing list