Re: OT: disabling login

[Ron Johnson <ron.l.johnson@cox.net>]

On Thu, 21 Feb 2002 17:16:38 -0600 Dimitri Maziuk <dmaziuk@yola.bmrb.wisc.edu> wrote:

> * Ron Johnson (ron.l.johnson@cox.net) spake thusly:
> > Hi,
> > 
> > On a multi-user system, how can I "turn off" an account?  Not
> > remove it, though, since at a later time, it will have to be
> > re-enabled?  While we're at it, how to you re-enable a disabled
> > account?
> 
> File a bug against passwd, tell them to rewrite shadow(5) and 
> passwd(5) manpages. 

?????

As others have pointed out, "passwd -l" locks an account, and it's
documented in "man passwd".

> Generally, anything that's not a 13-char alphanumeric string 
> is considered a "lock" string. People usually use "*", "LK",
> or "NP". Pick one and put it in password field in /etc/shadow
> (save original password if you plan to enable the account with
> original password).
> 
> Note that they can still login via ssh + key auth, so remove
> their ~/.ssh/authorized_keys[2] if you have that (rename 
> instead of removing, if you want to re-enable it later).

How, if the password has been mangled?

-- 
+------------------------------------------------------------+
| Ron Johnson, Jr.        Home: ron.l.johnson@cox.net        |
| Jefferson, LA  USA      http://ronandheather.dhs.org:81    |
|                                                            |
| 484,246 sq mi are needed for 6 billion people to live, 4   !
! persons per lot, in lots that are 60'x150'.                |
! That is ~ California, Texas and Missouri.                  !
! Alternatively, France, Spain and The United Kingdom.       |
+------------------------------------------------------------+