From: Michael Kerrisk Date: Wed, 5 Jul 2006 12:45:41 +0000 (+0000) Subject: Add explanation of 'x' character in 'password' field. X-Git-Tag: man-pages-2.35~8 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=30f7100e8bf0803042f554caa8625ab8c81d5759;p=thirdparty%2Fman-pages.git Add explanation of 'x' character in 'password' field. The proper name of "*" is "asterisk" not "star". --- diff --git a/man5/passwd.5 b/man5/passwd.5 index 948deb22a9..96c05599f6 100644 --- a/man5/passwd.5 +++ b/man5/passwd.5 @@ -45,16 +45,17 @@ hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that of a friendly user-community. These days many people run some version of the shadow password suite, where .I /etc/passwd -has *'s instead of encrypted passwords, and the encrypted passwords are in +has asterisks (*) instead of encrypted passwords, +and the encrypted passwords are in .I /etc/shadow which is readable by the superuser only. .PP Regardless of whether shadow passwords are used, many sysadmins -use a star in the encrypted password field to make sure +use an asterisk in the encrypted password field to make sure that this user can not authenticate him- or herself using a password. (But see the Notes below.) .PP -If you create a new login, first put a star in the password field, +If you create a new login, first put an asterisk in the password field, then use .BR passwd (1) to set it. @@ -73,7 +74,10 @@ The field descriptions are: the name of the user on the system. It should not contain capital letters. .TP .I password -the encrypted user password or a star. +the encrypted user password, an asterisk (*), or the letter 'x'. +(See +.BR pwconv (8) +for an explanation of 'x'.) .TP .I UID the numerical user ID. @@ -105,7 +109,7 @@ If you want to create user groups, their GIDs must be equal and there must be an entry in \fI/etc/group\fP, or no group will exist. .PP -If the encrypted password is set to a star, the user will be unable +If the encrypted password is set to an asterisk, the user will be unable to login using .BR login (1), but may still login using