>From passwd(5) : Similarly, login accounts not allowing password authentication but allowing other authentication methods, for example public key authentication, conventionally have 13 asterisks in the password field.
I believe security(8) will stop barking about these accounts if you set the encrypted password to 13 asterisks, instead of just one. Sorry for top post. Gmail gets squirrelly sometimes when I try to properly respond in body. On Sun, Jul 1, 2018 at 12:22 PM, Daniel Ouellet <[email protected]> wrote: > I find this annoying and sometime I over look this because I always get > the example: > > ============== > Running security(8): > > Checking the /etc/master.passwd file: > Login share is off but still has a valid shell and alternate access files > in > home directory are still readable. > Login xxx is off but still has a valid shell and alternate access files in > home directory are still readable. > ========= > > Is there a better or different way to do this? > > I always disable the login password on users with * oppose to password > in the master.passwd file after keys are installed as I DO NOT want to > allow login password when ssh keys are use, but still get the above > warning daily on multiples servers & users. > > The Running security(8): is nice as you see possible changes done by sys > admin and you get the feedback, but getting daily warning for the same > things sometime will get overlook because of noise. > > Is there a better way to disable login and not get these warning for ssh > key users and keep the valid idea and use of the cronjob as is? > > Daniel > >
