From owner-freebsd-security  Fri May 22 08:27:43 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA08011
          for freebsd-security-outgoing; Fri, 22 May 1998 08:27:43 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from echonyc.com (echonyc.com [198.67.15.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA07984
          for <freebsd-security@freebsd.org>; Fri, 22 May 1998 08:27:32 -0700 (PDT)
          (envelope-from benedict@echonyc.com)
Received: from localhost (benedict@localhost)
	by echonyc.com (8.8.7/8.8.7) with SMTP id LAA25215;
	Fri, 22 May 1998 11:27:09 -0400 (EDT)
Date: Fri, 22 May 1998 11:27:09 -0400 (EDT)
From: Snob Art Genre <benedict@echonyc.com>
Reply-To: ben@rosengart.com
To: Mike Smith <mike@smith.net.au>
cc: Philippe Regnauld <regnauld@deepo.prosa.dk>, freebsd-security@FreeBSD.ORG
Subject: Re: SKey and locked account 
In-Reply-To: <199805212338.QAA05467@antipodes.cdrom.com>
Message-ID: <Pine.GSO.3.96.980522112610.18198B-100000@echonyc.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

On Thu, 21 May 1998, Mike Smith wrote:

> If you wish to disable a user's account, you should set their shell to 
> something nonexistent.  (Note that ssh may still be a way past this.)

How?  I don't like this: isn't it standard practice across unixes to set
a nonexistent shell to disable logins?  POLA etc.


 Ben

"You have your mind on computers, it seems." 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message