Date: Wed, 21 Oct 1998 23:59:25 +0100 (BST) From: Karl Pielorz <kpielorz@tdx.co.uk> To: Mike Fisher <mfisher@csh.rit.edu> Cc: Karl Pielorz <karl@tdx.com>, Sandro Santos Andrade <sandro@compacto.nexos.com.br>, freebsd-isp@FreeBSD.ORG Subject: Re: Comparison for dial up servers ... Message-ID: <Pine.BSF.4.05.9810212358010.12307-100000@caladan.tdx.co.uk> In-Reply-To: <Pine.BSF.4.05.9810211806180.16079-100000@d111-l052.rh.rit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 21 Oct 1998, Mike Fisher wrote: > On Wed, 21 Oct 1998, Karl Pielorz wrote: > > > If they have a '*' as their first character they cannot log in... > > This is not correct. If the user has setup S/Key authentication or uses > non-password based authentication (like .rhosts/.shosts), they do not need > a valid password entry -- but they do require a valid shell, since the > shell changing capacities of the .login_conf do not currently work. Granted, but it works fine for PPP and Radius, which is what I thought was being discussed at the time... ;-) > If you want to truly disable an account, do both -- change their shell to > /sbin/nologin (or a local alternative) and put the '*' at the beginning of > the password field. They never have valid shells on our system anyway... But there again, we never have provided shell access... Regards, Karl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9810212358010.12307-100000>