Re: OT: disabling login
On Thu, 21 Feb 2002 17:16:38 -0600 Dimitri Maziuk <dmaziuk@yola.bmrb.wisc.edu> wrote:
> * Ron Johnson (ron.l.johnson@cox.net) spake thusly:
> > Hi,
> >
> > On a multi-user system, how can I "turn off" an account? Not
> > remove it, though, since at a later time, it will have to be
> > re-enabled? While we're at it, how to you re-enable a disabled
> > account?
>
> File a bug against passwd, tell them to rewrite shadow(5) and
> passwd(5) manpages.
?????
As others have pointed out, "passwd -l" locks an account, and it's
documented in "man passwd".
> Generally, anything that's not a 13-char alphanumeric string
> is considered a "lock" string. People usually use "*", "LK",
> or "NP". Pick one and put it in password field in /etc/shadow
> (save original password if you plan to enable the account with
> original password).
>
> Note that they can still login via ssh + key auth, so remove
> their ~/.ssh/authorized_keys[2] if you have that (rename
> instead of removing, if you want to re-enable it later).
How, if the password has been mangled?
--
+------------------------------------------------------------+
| Ron Johnson, Jr. Home: ron.l.johnson@cox.net |
| Jefferson, LA USA http://ronandheather.dhs.org:81 |
| |
| 484,246 sq mi are needed for 6 billion people to live, 4 !
! persons per lot, in lots that are 60'x150'. |
! That is ~ California, Texas and Missouri. !
! Alternatively, France, Spain and The United Kingdom. |
+------------------------------------------------------------+
Reply to: