site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com Is this field used at all in 10.4.x? Hope that helps, -Jason _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... On Jul 17, 2006, at 11:12 AM, Paul Nelson wrote: Will the OS ever use it during authentication for password verification? Only if the authentication_authority for that user is either not present or is set to ";basic;". However, you can read this attribute using POSIX level calls like getpwnam(), so it is possible that legacy software might assume a crypt password even when the auth authority indicates it should not. This is the reason for the conventional "********" marker value which is not a valid crypt password. If you don't want your users to be able to change the passwd attribute, you can simply remove the _writers_passwd attribute which is allowing them to do so. This email sent to site_archiver@lists.apple.com