In message <199903162358.PAA06908@Cup.DSG.Stanford.EDU>, Jonathan Stone writes:
>The obvious technical question is whether to filter out just
>    ^toor:*:
>or try and filter out all login accounts with disabled passwd fields.

There are other ways to get access to an account.
	-r-sr-xr-x  1 toor  bin  148852 Nov 13 12:50 /usr/home/foo/bin/sh

Not sure the system is smart enough to spot something like that.  Certainly
easy to get buried.

>Comments?  Do we Really Need a /bin/sh superuser login until this gets
>resolved, even with the warnings from /etc/security?

I don't think so.  I prefer sh, but it's not goiong to break me to have to
type it in.

-s