Package: passwd Version: 1:4.1.4.2-1 Severity: normal I found that the manpages of passwd and usermod report a non-working procedure about how to lock accounts.
>From `man passwd': -l, --lock [...] Note that this does not disable the account. The user may still be able to login using another authentication token (e.g. an SSH key). To disable the account, administrators should use usermod --expiredate 1 (this set the account´s expire date to Jan 2, 1970). and, from `man usermod': -L, --lock [...] Note: if you wish to lock the account (not only access with a password), you should also set the EXPIRE_DATE to 1. However, `usermod -e 1 <username>' does not set the expiraton date to Jan 2, 1970 (1970-01-01 + 1day), but to the current date. This means that the account won't be locked until the next day (this is the real problem). Ubuntu behaves differently, there `passwd -L' locks the password AND the account by setting the expiration date to Jan 2, 1970. I think that this might be a good way to implement account locking, and there'e no need to mention 'usermod -e 1` in the manpages (or it must be fixed). Hope this helps. Paride -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.32.2 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages passwd depends on: ii debianutils 3.2.2 Miscellaneous utilities specific t ii libc6 2.10.2-2 GNU C Library: Shared libraries ii libpam-modules 1.1.0-4 Pluggable Authentication Modules f ii libpam0g 1.1.0-4 Pluggable Authentication Modules l ii libselinux1 2.0.89-4 SELinux runtime shared libraries passwd recommends no packages. passwd suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
