From owner-freebsd-questions@FreeBSD.ORG Wed Dec 10 09:44:23 2008 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CB4951065672 for ; Wed, 10 Dec 2008 09:44:23 +0000 (UTC) (envelope-from danm@prime.gushi.org) Received: from prime.gushi.org (prime.gushi.org [72.9.101.130]) by mx1.freebsd.org (Postfix) with ESMTP id 868F28FC17 for ; Wed, 10 Dec 2008 09:44:20 +0000 (UTC) (envelope-from danm@prime.gushi.org) Received: from prime.gushi.org (localhost [127.0.0.1]) by prime.gushi.org (8.14.1/8.14.1) with ESMTP id mBA9iBHx051495 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 10 Dec 2008 04:44:15 -0500 (EST) (envelope-from danm@prime.gushi.org) X-DKIM: Sendmail DKIM Filter v2.7.2 prime.gushi.org mBA9iBHx051495 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=prime.gushi.org; s=primegushiorg; t=1228885705; bh=aOwh/IguCc+88iAOGHRznlm1b4KJ9YL3u +RGGG6CJg4=; h=Date:From:To:Subject:Message-ID:MIME-Version: Content-Type; b=HUilPlmrkykiBh5BV7ueO+6aOg5N9Q4tGFYwNg7NNk7sIGUK97 aB2MAIjtMc130l//KmIbPgM3TS6Lw0tDl+PA== X-DomainKeys: Sendmail DomainKeys Filter v1.0.0 prime.gushi.org mBA9iBHx051495 DomainKey-Signature: a=rsa-sha1; s=primegushiorg; d=prime.gushi.org; c=nofws; q=dns; h=received:date:from:to:subject:message-id:user-agent: x-openpgp-key-id:mime-version:content-type; b=k7ZMUcbDFiX+I0Xbmk20Nqi7vtOS8ZpeyQFOiQ8XJqFHnPwUhjXWnKDeu+I0NSSl5 Br9VJCeTUs0KJw6NgW8Ag== Received: (from danm@localhost) by prime.gushi.org (8.14.1/8.14.1/Submit) id mBA9hpo4051332; Wed, 10 Dec 2008 04:43:51 -0500 (EST) (envelope-from danm) Date: Wed, 10 Dec 2008 04:43:50 -0500 (EST) From: "Dan Mahoney, System Admin" To: questions@freebsd.org Message-ID: User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) X-OpenPGP-Key-ID: 0x624BB249 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (prime.gushi.org [127.0.0.1]); Wed, 10 Dec 2008 05:08:25 +0000 (UTC) Cc: Subject: How to block NIS logins via ssh? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2008 09:44:23 -0000 Hello all, I'm noticing that when following the directions given here: http://www.freebsd.org/doc/en/books/handbook/network-nis.html For how to disable logins, the recommended action is to set the shell to /sbin/nologin. However, this is sloppy as it allows the user to log in, get the motd, do everything short of getting a shell. I've tried starring out the password in the +::::::::: entry, (and putting in a "bad" password, like x), and those don't seem to work. I am still able to connect via sshd and prove that the account works. What's happening here? -Dan -- quick, somebody tell me the moon phase please? Wrin: Plummeting. -Undernet #reboot, 9/11/01 (day of the WTC bombing) --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---------------------------