tags 389183 wontfix thanks This bug is indeed not fixed since its patch was reverted.
I decided to revert it because it breaks some expectations from users used to passwd -l only locking the passwd. I could have a look at 3 different sources: * pwdutils (provides passwd on Suse) passwd -l is documented as locking the account but only locks the user's account (as documented by the usage string) * OpenSolaris locks the user's password * fedora's passwd package passwd -l is documented as locking the account but only locks the user's account The reversion was done after 492307, which was triggered by Ubuntu bugs: * https://bugs.launchpad.net/bugs/185767 * https://bugs.launchpad.net/bugs/238755 * https://bugs.launchpad.net/bugs/251696 These bugs were caused by users expecting passwd -l to only lock the password / users being recommended to use passwd -l: https://help.ubuntu.com/community/RootSudo I currently think that passwd should only touch the password. (I would also prefer usermod --lock to locks the account) Together with the reversion of the patch, I documented passwd -l to actually mention what it really does: -l, --lock Lock the password of the named account. This option disables a password by changing it to a value which matches no possible encrypted value (it adds a ´!´ at the beginning of the password. Note that this does not disable the account. The user may still be able to login using another authentication token (e.g. an SSH key). To disable the account, administrators should use usermod --expiredate 1 (this set the account´s expire date to Jan 2, 1970). Users with a locked password are not allowed to change their password. Best Regards, -- Nekral -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
