From owner-freebsd-isp  Wed Oct 21 15:20:56 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id PAA19718
          for freebsd-isp-outgoing; Wed, 21 Oct 1998 15:20:56 -0700 (PDT)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from parsons.rh.rit.edu (d111-l052.rh.rit.edu [129.21.111.52])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA19704
          for <freebsd-isp@freebsd.org>; Wed, 21 Oct 1998 15:20:50 -0700 (PDT)
          (envelope-from mfisher@csh.rit.edu)
Received: from mfisher (helo=localhost)
	by parsons.rh.rit.edu with local-esmtp (Exim 2.05 #1)
	id 0zW6bG-0004Bu-00; Wed, 21 Oct 1998 18:19:26 -0400
Date: Wed, 21 Oct 1998 18:19:26 -0400 (EDT)
From: Mike Fisher <mfisher@csh.rit.edu>
X-Sender: mfisher@d111-l052.rh.rit.edu
To: Karl Pielorz <karl@tdx.com>
cc: Sandro Santos Andrade <sandro@compacto.nexos.com.br>,
        freebsd-isp@FreeBSD.ORG
Subject: Re: Comparison for dial up servers ...
In-Reply-To: <362E4D5C.9503828A@tdx.com>
Message-ID: <Pine.BSF.4.05.9810211806180.16079-100000@d111-l052.rh.rit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 21 Oct 1998, Karl Pielorz wrote:

> > temporarily an account.
> 
> The way I temporarily disable an account is to run vipw, find the account in
> the password file - and add a '*' as the _first_ character of their
> password... Be careful you don't corrupt their actual password, as there
> one-way encrypted...
> 
> If they have a '*' as their first character they cannot log in...

This is not correct.  If the user has setup S/Key authentication or uses
non-password based authentication (like .rhosts/.shosts), they do not need
a valid password entry -- but they do require a valid shell, since the
shell changing capacities of the .login_conf do not currently work.

If you want to truly disable an account, do both -- change their shell to
/sbin/nologin (or a local alternative) and put the '*' at the beginning of
the password field.

--
Mike
  "...check your premises.  You will find that one of them is wrong."
         --Ayn Rand, _Atlas Shrugged_


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message