From owner-freebsd-isp Wed Oct 21 16:03:51 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA24157 for freebsd-isp-outgoing; Wed, 21 Oct 1998 16:03:51 -0700 (PDT) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from caladan.tdx.co.uk (caladan.tdx.co.uk [195.188.177.4]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA24065 for ; Wed, 21 Oct 1998 16:03:03 -0700 (PDT) (envelope-from kpielorz@tdx.co.uk) Received: from localhost (kpielorz@localhost) by caladan.tdx.co.uk (8.9.1a/8.9.1) with ESMTP id XAA12358; Wed, 21 Oct 1998 23:59:25 +0100 (BST) Date: Wed, 21 Oct 1998 23:59:25 +0100 (BST) From: Karl Pielorz To: Mike Fisher cc: Karl Pielorz , Sandro Santos Andrade , freebsd-isp@FreeBSD.ORG Subject: Re: Comparison for dial up servers ... In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 21 Oct 1998, Mike Fisher wrote: > On Wed, 21 Oct 1998, Karl Pielorz wrote: > > > If they have a '*' as their first character they cannot log in... > > This is not correct. If the user has setup S/Key authentication or uses > non-password based authentication (like .rhosts/.shosts), they do not need > a valid password entry -- but they do require a valid shell, since the > shell changing capacities of the .login_conf do not currently work. Granted, but it works fine for PPP and Radius, which is what I thought was being discussed at the time... ;-) > If you want to truly disable an account, do both -- change their shell to > /sbin/nologin (or a local alternative) and put the '*' at the beginning of > the password field. They never have valid shells on our system anyway... But there again, we never have provided shell access... Regards, Karl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message