[TUHS] Questions about * and ! in the password field of passwd and shadow
Peter Yardley via TUHS
tuhs at tuhs.org
Thu Jan 8 07:34:59 AEST 2026
Hi,
I found this on the interweb and it corresponds to my memories from my sysadmin days...
"If the password field contains some string that is not a valid result of crypt(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means)."
> On 8 Jan 2026, at 8:13 am, segaloco via TUHS <tuhs at tuhs.org> wrote:
>
> On Wednesday, January 7th, 2026 at 11:40, Ron Natalie via TUHS <tuhs at tuhs.org> wrote:
>
>> Back when the (encrypted) passwords were in /etc/password, a * was a
>> common way to make accounts that could not be logged into. This goes
>> back forwever (putting a blank password field in just meant there was no
>> password required to log in). This predated /etc/shaddow and even the
>> inclusion of the “salt” characters at the beginning of the passwords.
>> The ! to disable wasn’t something I saw. It must have come later (but
>> before people started using programs to manipulate these things).
>
> The passwd(5) (or 4 for USG stream) manpage should give some pointers.
> As of the initial System V release (pre shadow), the only defined
> behaviors of this field are either an encrypted (via crypt(3)) string
> or an empty (null) string for no password. Additionally, a password can
> be followed by a comma and then aging information. I don't see any
> explicit handling of * or !. Presumably using * just means that the
> expected output of crypt(3) is *, an unlikely if not impossible
> scenario, leading to the behavior of no login available.
>
> I'll have to check the passwd(4) page in my SVR4 manuals at home. In
> any case, that's where I'd suggest looking. If it's not in the manuals,
> it may qualify as unintended behavior or something like that, meaning
> even if there is any handling for these characters specially (which I
> couldn't find in login(1), su(1), or any of the libc passwd stuff), that
> handling was never publicized.
>
> - Matt G.
.1.3.6.1.4.1.8852.4.2
Peter Yardley
peter.martin.yardley at gmail.com
More information about the TUHS
mailing list