change security so that there is a configuration value for the list of

users who will not be considered for duplicate uid check.
Seed it with 'toor' in defaults/security.conf.

etc/defaults/security.conf

@@ -1,4 +1,4 @@
-#	$NetBSD: security.conf,v 1.23 2010/02/05 16:29:02 jmmv Exp $
+#	$NetBSD: security.conf,v 1.24 2012/04/05 09:09:27 spz Exp $
 #
 # /etc/defaults/security.conf --
 #	default configuration of /etc/security.conf
@@ -41,6 +41,7 @@ check_mtree_follow_symlinks=NO
 
 check_passwd_nowarn_shells="/sbin/nologin"
 check_passwd_nowarn_users=""
+check_passwd_permit_dups="toor"
 check_passwd_permit_star=NO
 check_passwd_permit_nonalpha=NO
 max_loginlen=16

etc/security

@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$NetBSD: security,v 1.110 2011/03/02 17:00:28 christos Exp $
+#	$NetBSD: security,v 1.111 2012/04/05 09:09:27 spz Exp $
 #	from: @(#)security	8.1 (Berkeley) 6/9/93
 #
 
@@ -287,14 +287,18 @@ if checkyesno check_passwd; then
 		column $OUTPUT
 	fi
 
-# To not exclude 'toor', a standard duplicate root account, from the duplicate
+	awk -v "permit_dups_list=$check_passwd_permit_dups" \
-# account test, uncomment the line below (without egrep in it)and comment
+	'
-# out the line (with egrep in it) below it.
+	BEGIN {
-#
+		split(permit_dups_list, a);
-#	< $MPBYUID uniq -d -f 1 | awk '{ print $2 }' > $TMP2
+		for (i in a) permit_dups[a[i]]++;
-	< $MPBYUID egrep -v '^toor ' | uniq -d -f 1 | awk '{ print $2 }' > $TMP2
+	}
+	{
+		if (!permit_dups[$1])
+			print $2;
+	}' < $MPBYUID | uniq -d > $TMP2
 	if [ -s $TMP2 ] ; then
-		printf "\n$MP has duplicate user id's.\n"
+		printf "\n$MP has duplicate user ids.\n"
 		while read uid; do
 			grep -w $uid $MPBYUID
 		done < $TMP2 | column