From 95ea3dd4128b625ab12691229020ebc50d578e71 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Tue, 31 Jan 2023 16:08:00 +0100
Subject: [PATCH] lslogins: explain password statuses

Signed-off-by: Karel Zak <kzak@redhat.com>
---
 login-utils/lslogins.1.adoc | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/login-utils/lslogins.1.adoc b/login-utils/lslogins.1.adoc
index 5d3111252a..73991e7762 100644
--- a/login-utils/lslogins.1.adoc
+++ b/login-utils/lslogins.1.adoc
@@ -119,6 +119,19 @@ if a serious error occurs (e.g., a corrupt log).
 
 The default UID thresholds are read from _/etc/login.defs_.
 
+=== Password status
+
+Multiple fields describe password status.
+
+*"Login by password disabled"*::
+'yes' means that there is no valid password. The password hash is missing, or the hash method is unknown or contains invalid chars.
+
+*"Password not required (empty)"*::
+The password is not set (hash is missing); this is common for locked system accounts. Not requiring a password does not mean the user can log-in without a password. It depends on the password "lock" status.
+
+*"Password is locked"*::
+The password is prefixed by '!!', and the user cannot login although the password is set.
+
 == HISTORY
 
 The *lslogins* utility is inspired by the *logins* utility, which first appeared in FreeBSD 4.10.
-- 
2.47.2