
Re: OT: disabling login



* Ron Johnson (ron.l.johnson@cox.net) spake thusly:
> Hi,
> 
> On a multi-user system, how can I "turn off" an account?  Not
> remove it, though, since at a later time, it will have to be
> re-enabled?  While we're at it, how do you re-enable a disabled
> account?

File a bug against passwd, tell them to rewrite shadow(5) and 
passwd(5) manpages. 

Generally, anything that's not a 13-char alphanumeric string 
is considered a "lock" string. People usually use "*", "LK",
or "NP". Pick one and put it in the password field in /etc/shadow
(save original password if you plan to enable the account with
original password).

Note that they can still log in via ssh + key auth, so remove
their ~/.ssh/authorized_keys[2] if you have that (rename 
instead of removing, if you want to re-enable it later).

Dima (assembly is the reversal of the removal procedure)
-- 
We're sysadmins. Sanity happens to other people.                  -- Chris King
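
An audit for the gap described in the message above (a lock string in /etc/shadow does not stop SSH key logins), added here as an example and not part of the original post. It lists accounts whose password field holds one of the lock strings the message names but which still have an authorized_keys file. The function names, the sample users and the treatment of a leading "!" as a lock are assumptions.

```sh
#!/bin/sh
# Lock strings from the message: "*", "LK", "NP" in the shadow password field.
is_locked() {
    case "$1" in
        '*'|LK|NP) return 0 ;;
        '!'*) return 0 ;;   # assumption, not from the message: "!" prefix left by passwd -l
        *) return 1 ;;
    esac
}

# locked_with_keys SHADOW PASSWD: print "user keyfile" for every locked
# account that still has a non-empty authorized_keys or authorized_keys2.
locked_with_keys() {
    shadow=$1; passwd=$2
    while IFS=: read -r user field _rest; do
        is_locked "$field" || continue
        # Look up the home directory (field 6) in the passwd-format file.
        home=$(awk -F: -v u="$user" '$1 == u { print $6 }' "$passwd")
        [ -n "$home" ] || continue
        for f in "$home/.ssh/authorized_keys" "$home/.ssh/authorized_keys2"; do
            if [ -s "$f" ]; then printf '%s %s\n' "$user" "$f"; fi
        done
    done < "$shadow"
    return 0
}

# make_sample DIR: constructed data (three fictional users, fake keys and hash).
make_sample() {
    d=$1
    mkdir -p "$d/home/alice/.ssh" "$d/home/bob/.ssh" "$d/home/carol/.ssh"
    printf '%s\n' 'alice:*:19000:0:99999:7:::' \
                  'bob:LK:19000:0:99999:7:::' \
                  'carol:ab01FAX.bQRSU:19000:0:99999:7:::' > "$d/shadow"
    printf '%s\n' "alice:x:1001:1001::$d/home/alice:/bin/sh" \
                  "bob:x:1002:1002::$d/home/bob:/bin/sh" \
                  "carol:x:1003:1003::$d/home/carol:/bin/sh" > "$d/passwd"
    echo 'ssh-ed25519 AAAA-constructed alice' > "$d/home/alice/.ssh/authorized_keys"
    # bob's key file was renamed, as the message suggests, so he is not reported
    echo 'ssh-ed25519 AAAA-constructed bob' > "$d/home/bob/.ssh/authorized_keys.disabled"
    # carol is not locked, so her key file is not reported either
    echo 'ssh-ed25519 AAAA-constructed carol' > "$d/home/carol/.ssh/authorized_keys"
}

tmp=$(mktemp -d)
make_sample "$tmp"
locked_with_keys "$tmp/shadow" "$tmp/passwd"   # reports only alice
rm -rf "$tmp"
```

On a live system the same function would be run as root against /etc/shadow and /etc/passwd.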