Bug 24363

Summary: lack of explanation
Product: Documentation
Reporter: roelof <roelof>
Component: Books & Articles
Assignee: freebsd-doc (Nobody) <doc>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: Latest
Hardware: Any
OS: Any

Description roelof 2001-01-16 00:10:01 UTC
I don't get it!

Fix: 

Some sort of partial rewrite. Maybe something that would show up in, say,
'apropos shadow' or so.

Currently it says enough if you know what it's about. But if you don't,
well, ...

How-To-Repeat:
By Reading The F. Manual(s):

http://www.freebsd.org/handbook/securing-freebsd.html :

  An indirect way to secure the root account is to secure your staff
  accounts by using an alternative login access method and *'ing out
  the crypted password for the staff accounts. This way an intruder
  may be able to steal the

What's "*'ing"? Check 'man 5 passwd':

  The password field is the encrypted form of the password.  If the
  password field is empty, no password will be required to gain access to
  the machine.  This is almost invariably a mistake.  Because these files
  contain the encrypted user passwords, they should not be readable by any-
  one without appropriate privileges.  Administrative accounts have a pass-
  word field containing an asterisk `*' which disallows normal logins.

If you don't know what it's about, this won't teach you much. So you
want to secure. Fine. But how? Change any ol' pwd into a '*'? Mebbe?
Mebbe not. Who is to say?

I think it would be a good idea to explicitly state what is needed. With
a link or other kind of reference to the man.part in question.
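
Added example, not part of the original report or of the FreeBSD documentation: a small audit of the password field described in the quoted passwd(5) text, reporting which accounts have an empty field (no password required) and which are starred out. The function names and sample lines are constructed for illustration; the 10-field master.passwd layout and the choice to treat any field beginning with `*` as disabled are assumptions of this example.

```python
# Audit the password field of master.passwd(5)-style lines.
# SAMPLE is constructed for illustration; the hash is a placeholder.
SAMPLE = """\
# constructed sample, not from a real system
root:$6$placeholder$notarealhash:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
staff1:*:1001:1001::0:0:Staff, alternative login only:/home/staff1:/bin/sh
guest::1002:1002::0:0:Guest:/home/guest:/bin/sh
broken-line-without-fields
"""


def classify(field):
    """Map a raw password field to the state passwd(5) describes."""
    if field == "":
        return "EMPTY"      # no password required: almost invariably a mistake
    if field.startswith("*"):
        # passwd(5) describes a lone '*'; treating every '*'-prefixed
        # value the same way is an assumption of this example.
        return "DISABLED"   # normal (password) logins disallowed
    return "SET"            # some password hash is present


def audit(text):
    """Return (line number, account, state) for every entry in text."""
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue        # skip blank lines and comments
        parts = line.split(":")
        # 10 fields = master.passwd layout, 7 = world-readable passwd layout
        if len(parts) not in (7, 10):
            results.append((lineno, parts[0], "MALFORMED"))
            continue
        results.append((lineno, parts[0], classify(parts[1])))
    return results


def needs_attention(text):
    """Accounts an administrator should look at first."""
    return [name for _, name, state in audit(text)
            if state in ("EMPTY", "MALFORMED")]


if __name__ == "__main__":
    for lineno, name, state in audit(SAMPLE):
        print(f"line {lineno}: {name:<28} {state}")
```

On a real system the input would be the contents of /etc/master.passwd, which is readable only with appropriate privileges.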

Comment 1 Murray Stokely freebsd_committer freebsd_triage 2001-06-15 23:23:36 UTC
State Changed
From-To: open->closed

The text has been clarified, thanks!