I have a Sun-Blade 100 sun sparc server and I as root tried to create a user say user1 whose password is set to no-pass and another user say user2 whose password is set 'locked'.But if I try to login as user1 or as user2 I am prompted for a password which I feel shouldn't happen.Any comments please.
Thanks Sudatta
Ideally, a system will give out no information to people who have not logged in. Until you prove who you are, the system should act in exactly the same way when you specify a user name that is invalid, a user name that is "locked out", a user name with a real password, and a user name with a zero-length password (i.e., no password). In all cases, the system should prompt for a password. If there is no correct password for that user name or you give an incorrect password, the system should take about the same amount of time before giving the same error message. If you really want to be picky, the CPU should generate about the same amount of heat, put out similar electromagnitic radiation, and make similar accesses to any I/O device while "deciding" to not let you in. You should get no hint about whether the username might have been valid.
Richard
