From owner-freebsd-questions Tue Aug 22 13:23:23 1995 Return-Path: questions-owner Received: (from majordom@localhost) by freefall.FreeBSD.org (8.6.11/8.6.6) id NAA15318 for questions-outgoing; Tue, 22 Aug 1995 13:23:23 -0700 Received: from haywire.DIALix.COM (haywire.DIALix.COM [192.203.228.65]) by freefall.FreeBSD.org (8.6.11/8.6.6) with ESMTP id NAA15312 for ; Tue, 22 Aug 1995 13:23:19 -0700 Received: (from news@localhost) by haywire.DIALix.COM (sendmail) id EAA06453 for freebsd-questions@freebsd.org; Wed, 23 Aug 1995 04:23:13 +0800 (WST) Received: from GATEWAY by haywire.DIALix.COM with netnews for freebsd-questions@freebsd.org (problems to: usenet@haywire.dialix.com) To: freebsd-questions@freebsd.org Date: 23 Aug 1995 04:23:09 +0800 From: peter@haywire.dialix.com (Peter Wemm) Message-ID: <41debd$69i$1@haywire.DIALix.COM> Organization: DIALix Services, Perth, Australia. References: <199508212314.QAA01813@wsantee.oz.net> Subject: Re: Account expiration bug or feature? Sender: questions-owner@freebsd.org Precedence: bulk wsantee@wsantee.oz.net (Wes Santee) writes: >I noticed that when automatic account expiration goes into effect, the >users default shell isn't changed. That in and of itself is okay >because they are still denied access when trying to telnet in. >However, this still allows the user to ftp into the system because >(I'm assuming) ftpd see's a valid shell and doesn't pay attention to >the account expiration date. >Is the fact that the user can still get ftp access to system after >their account has expired considered a bug or a feature? Hmm.. Perhaps a hook in getpwent() and friends? If the account is expired, perhaps return a fake pw_shell? Of course, extreme care would need to be taken to ensure that the fake shell was not mistakenly copied back to the password file.. -Peter