On Mon, Apr 19, 2010 at 5:42 PM, Andrew Klettke
<aklet...@opticfusion.net> wrote:
> You mean the "*" field? I've replaced that with "radius", as you suggested,
> so it looks like so:
> (removed):radius:1000:10:radius:0:0:nocstaff:/home/(removed):/bin/ksh
>
> It works, the user can log in fine still; however, OpenBSD still isn't
happy
> about it:
>
> Checking the /etc/master.passwd file:
> Login (removed) is off but still has a valid shell and alternate access
> files in
>         home directory are still readable.

Guess my awk isn't as awesome as it used to be.  I'd just edit
/etc/security.  There's a check in there to make sure the password
isn't skey.  Add another check that's it's not radius.

Reply via email to