Date: Wed, 21 Oct 1998 18:19:26 -0400 (EDT) From: Mike Fisher <mfisher@csh.rit.edu> To: Karl Pielorz <karl@tdx.com> Cc: Sandro Santos Andrade <sandro@compacto.nexos.com.br>, freebsd-isp@FreeBSD.ORG Subject: Re: Comparison for dial up servers ... Message-ID: <Pine.BSF.4.05.9810211806180.16079-100000@d111-l052.rh.rit.edu> In-Reply-To: <362E4D5C.9503828A@tdx.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 21 Oct 1998, Karl Pielorz wrote:
> > temporarily an account.
>
> The way I temporarily disable an account is to run vipw, find the account in
> the password file - and add a '*' as the _first_ character of their
> password... Be careful you don't corrupt their actual password, as there
> one-way encrypted...
>
> If they have a '*' as their first character they cannot log in...
This is not correct. If the user has setup S/Key authentication or uses
non-password based authentication (like .rhosts/.shosts), they do not need
a valid password entry -- but they do require a valid shell, since the
shell changing capacities of the .login_conf do not currently work.
If you want to truly disable an account, do both -- change their shell to
/sbin/nologin (or a local alternative) and put the '*' at the beginning of
the password field.
--
Mike
"...check your premises. You will find that one of them is wrong."
--Ayn Rand, _Atlas Shrugged_
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9810211806180.16079-100000>