This bug may be filed as resolved, but the bug itself still exists. Requiring somebody who is already root to hand-modify the passwd file to have "!!" for any user who doesn't already have a password is completely foolish. Nobody in their right mind wants this kind of restriction. Bottom line: as root, running passwd on a user should ALWAYS succeed, replacing ANY existing contents with the new crypted password. If you want to annoy "enterprise" class admins, this is a fine way to do it. Not everyone wants to use whatever your utility is _this particular release_ to change users' passwords. Especially when wc -l passwd == 3000.
*** Bug 3281 has been marked as a duplicate of this bug. *** Am I going crazy? I installed Red Hat 6.0 (`Everything'), all was well, I logged in as root on the console, typed passwd operator to enable a non-root account, it said passwd: all authentication tokens updated successfully but /etc/passwd didn't actually change, the password was still *. I tried several different passwords. I did not enable MD5 passwords or NIS+ on the new setup screen at the end. This is not peculiar to operator. For example, I just tried passwd bin (another account with a * password), used jac:jil! for the password, and /etc/passwd didn't change despite the success message. ------- Additional Comments From jbj 06/05/99 11:12 ------- Change the password field from '*' to '!!' and you will be able to change the password. ------- Additional Comments From theman.edu 09/08/99 21:17 ------- This is not reasonable. No other unix does anything this stupid. Root using passwd to change the entry should ALWAYS work, no matter the existing contents. WHAT THE HELL WERE YOU THINKING?
It will be fixed in the next release. The passwd of the accound does not change (the account still remains locked), so I fail to see why this is a Security/High bug.