Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Golden_Eternity (bhodi_jabir_at_yahoo.com)
Date: Fri Dec 20 2002 - 16:04:30 CST
> I don't know why RH does this. But having a valid shell in /etc/passwd
> is not sufficent for an attacker. The account also must have a valid
> password in /etc/shadow (or wherever your OS keeps them). Usually the
> role-accounts look somewhat like this:
> The "*" or some other symbol like "!" means, that this is not a valid
> password and so nobody can enter a correct password for this account.
In July 2001, there was an ssh issue that affected user accounts with !!
in their password field. This issue wouldn't have been quite as big a
risk for redhat systems, if they had set the shells for these accounts
to be /bin/false or something similar.
So, this isn't an issue in and of itself, but by changing the shells, we
could help mitigate the effect of other potential security issues.