Re: OT: disabling login
* Ron Johnson (ron.l.johnson@cox.net) spake thusly:
> Hi,
>
> On a multi-user system, how can I "turn off" an account? Not
> remove it, though, since at a later time, it will have to be
> re-enabled? While we're at it, how to you re-enable a disabled
> account?
File a bug against passwd, tell them to rewrite shadow(5) and
passwd(5) manpages.
Generally, anything that's not a 13-char alphanumeric string
is considered a "lock" string. People usually use "*", "LK",
or "NP". Pick one and put it in password field in /etc/shadow
(save original password if you plan to enable the account with
original password).
Note that they can still login via ssh + key auth, so remove
their ~/.ssh/authorized_keys[2] if you have that (rename
instead of removing, if you want to re-enable it later).
Dima (assembly is the reversal of the removal procedure)
--
We're sysadmins. Sanity happens to other people. -- Chris King
Reply to: