From owner-freebsd-stable Tue Jul 14 12:53:00 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA02949 for freebsd-stable-outgoing; Tue, 14 Jul 1998 12:53:00 -0700 (PDT) (envelope-from owner-freebsd-stable@FreeBSD.ORG) Received: from pop.uniserve.com (pop.uniserve.com [204.244.156.3]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id MAA02940 for ; Tue, 14 Jul 1998 12:52:58 -0700 (PDT) (envelope-from tom@uniserve.com) Received: from shell.uniserve.ca [204.244.186.218] by pop.uniserve.com with smtp (Exim 1.82 #4) id 0ywB7l-0007gD-00; Tue, 14 Jul 1998 12:52:30 -0700 Date: Tue, 14 Jul 1998 12:52:27 -0700 (PDT) From: Tom X-Sender: tom@shell.uniserve.ca To: Paulo Fragoso cc: Wes Peters , jer@jorsm.com, freebsd-stable@FreeBSD.ORG Subject: Re: Finger and getpwent In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, 14 Jul 1998, Paulo Fragoso wrote: > > > A *somewhat* better solution is to use my nologin program, which logs > > > attempts to login to disabled accounts via syslog. You can retrieve > > > > Except that nologin just stops shell logins, not all password > > authentication. So POP, IMAP, some FTP, RADIUS, all suceed. Munging the > > password field is better. Attempts to access disabled accounts is logged > > as well, as will all incorrect passwords. > > > > Because this I can't use "nologin" shells. I'm using "*" in initial > password string insted "#" in the beginning of line. > > I would like in future to use "#" in the beginning of the line. Because > it's more visualy :-) It also has a very different effect. Munging the password field by adding a "*" simply disables all authentiction, but the user still exists. This means that mail is still received. If the user is commented out, the user ceases to exist, and mail bounces. Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message