site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=d7Jc9ursas823aQ5O0jiZiN0tizKKWsin71fQqoxKgP4clYcAcXy5xw+zjJGy54bn8641ELEtBT5FmMOdjjZaNiig0W//I6McEEpOs25WRPW23IBPggpzm1kxssoKAA9Kgsiyug03ZadYDjGv7QSdZG/yfqjBUm7AMXDBCqrn9A= On Jul 17, 2006, at 11:12 AM, Paul Nelson wrote:
Is this field used at all in 10.4.x?
Will the OS ever use it during authentication for password verification? Only if the authentication_authority for that user is either not present or is set to ";basic;". However, you can read this attribute using POSIX level calls like getpwnam(), so it is possible that legacy software might assume a crypt password even when the auth authority indicates it should not. This is the reason for the conventional "********" marker value which is not a valid crypt password.
And also it's different from "*" which is traditionally used to indicate accounts which cannot be logged in to. -- Finlay _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... On 19/07/06, Jason Townsend <jtownsend@opendarwin.org> wrote: This email sent to site_archiver@lists.apple.com