Network Security: Detailed info on Re: UF_PASSWD

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-Microsoft

[Top] [All Lists]

Re: UF_PASSWD_NOTREQD user account flag

from [Petr Merta] Network Security

[Permanent Link]

Subject:	Re: UF_PASSWD_NOTREQD user account flag
Date:	Thu, 17 Mar 2005 20:48:36 +0100

Thanks for all your replies, it helped a lot. 

I've performed some more testing, and it showed up that the best explanation 
(because th shortest) is Scott's "It does not mean the password IS empty, but 
that it CAN be empty". 

Some interesting (at least for me) details found as I've played with accounts:
-- non-privileged user is always bound by (global) minimal required password 
length, so even the user with UF_PASSWD_NOTREQD flag set cannot change its 
password to empty one if min_pwd_len > 0
-- admin can change user's password to empty iff either min_pwd_len = 0 or 
user has  UF_PASSWD_NOTREQD set
-- and finally, even admin cannot set non-empty password shorter than 
min_pwd_len regardless of UF_PASSWD_NOTREQD flag

Petr

---------------------------------------------------------------------------
---------------------------------------------------------------------------

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Basic question, Roman L. Daszczyszak II RE: Basic question, dave kleiman RE: Basic question, Laura A. Robinson RE: Basic question, Laura A. Robinson RE: Basic question, Laura A. Robinson UF_PASSWD_NOTREQD user account flag, Petr Merta Re: UF_PASSWD_NOTREQD user account flag, Matt RE: UF_PASSWD_NOTREQD user account flag, Brady McClenon RE: UF_PASSWD_NOTREQD user account flag, dave kleiman Re: UF_PASSWD_NOTREQD user account flag, Petr Merta <= RE: Basic question, Craig, Tobin (OIG) RE: Basic question, Depp, Dennis M. RE: Basic question, Ken Schaefer

Previous by Date:	RE: UF_PASSWD_NOTREQD user account flag, Brady McClenon
Next by Date:	[Full-disclosure] Cain & Abel PSK Sniffer Heap overflow, Gary O'leary-Steele
Previous by Thread:	RE: UF_PASSWD_NOTREQD user account flag, dave kleiman
Next by Thread:	RE: Basic question, Craig, Tobin (OIG)
Indexes:	[Date] [Thread] [Top] [All Lists]