Don't consider an account disabled just because the password length != 13.

Also, take into account users w/ the blowfish cypher.

diff --git a/etc/security b/etc/security
index 2280321..6950235 100644 (file)
--- a/etc/security
+++ b/etc/security
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#      $OpenBSD: security,v 1.17 1996/12/10 07:26:01 deraadt Exp $
+#      $OpenBSD: security,v 1.18 1997/03/17 20:17:57 gene Exp $
 #      from: @(#)security      8.1 (Berkeley) 6/9/93
 #
 
@@ -43,7 +43,7 @@ awk -F: '{
                printf("Login %s has more than 8 characters.\n", $1);
        if ($2 == "")
                printf("Login %s has no password.\n", $1);
-       if ((length($2) != 13 && ($10 ~ /.*sh$/ || $10 == "")) && system("if grep -q \"^"$1" \" /etc/skeykeys || test -d "$9"/.ssh -a ! -O "$9"/.ssh ; then exit 1 ; fi ; for i in .rhosts .shosts .klogin ; do test -s "$9"/$i -a ! -O "$9"/$i && exit 1 ; done ; exit 0") != 0)
+       if ((length($2) != 13 && ($10 ~ /.*sh$/ || $10 == "")) && ($2 !~ /^\$[0-9]+\$/) && system("if grep -q \"^"$1" \" /etc/skeykeys || test -d "$9"/.ssh -a ! -O "$9"/.ssh ; then exit 1 ; fi ; for i in .rhosts .shosts .klogin ; do test -s "$9"/$i -a ! -O "$9"/$i && exit 1 ; done ; exit 0") != 0)
                printf("Login %s is off but still has a valid shell.\n", $1);
        if ($3 == 0 && $1 != "root")
                printf("Login %s has a user id of 0.\n", $1);