Focus on Microsoft
Basic question Mar 10 2005 08:56PM
Roman L. Daszczyszak II (romandas gmail com) (2 replies)
RE: Basic question Mar 15 2005 02:14AM
Laura A. Robinson (larobins bellatlantic net) (1 replies)
UF_PASSWD_NOTREQD user account flag Mar 15 2005 11:23PM
Petr Merta (pmerta lynguent com) (2 replies)
Re: UF_PASSWD_NOTREQD user account flag Mar 16 2005 08:52PM
Matt (smp repicky gmail com) (1 replies)
RE: UF_PASSWD_NOTREQD user account flag Mar 16 2005 09:25PM
Brady McClenon (mcclenon albany edu)
RE: UF_PASSWD_NOTREQD user account flag Mar 16 2005 06:43PM
dave kleiman (dave isecureu com) (1 replies)
Re: UF_PASSWD_NOTREQD user account flag Mar 17 2005 07:48PM
Petr Merta (pmerta lynguent com)
Thanks for all your replies, it helped a lot.

I've performed some more testing, and it showed up that the best explanation
(because th shortest) is Scott's "It does not mean the password IS empty, but
that it CAN be empty".

Some interesting (at least for me) details found as I've played with accounts:
-- non-privileged user is always bound by (global) minimal required password
length, so even the user with UF_PASSWD_NOTREQD flag set cannot change its
password to empty one if min_pwd_len > 0
-- admin can change user's password to empty iff either min_pwd_len = 0 or
user has UF_PASSWD_NOTREQD set
-- and finally, even admin cannot set non-empty password shorter than
min_pwd_len regardless of UF_PASSWD_NOTREQD flag

Petr

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---

[ reply ]
RE: Basic question Mar 11 2005 10:03AM
dave kleiman (dave isecureu com) (1 replies)
RE: Basic question Mar 13 2005 11:51PM
Laura A. Robinson (larobins bellatlantic net) (1 replies)
RE: Basic question Mar 15 2005 12:36AM
Laura A. Robinson (larobins bellatlantic net)


 

Privacy Statement
Copyright 2010, SecurityFocus