
RE: OT: disabling login



> > Hi,
> > 
> > On a multi-user system, how can I "turn off" an account?  Not
> > remove it, though, since at a later time, it will have to be
> > re-enabled?  While we're at it, how do you re-enable a disabled
> > account?
> 
> File a bug against passwd, tell them to rewrite shadow(5) and 
> passwd(5) manpages. 

>?????

>As others have pointed out, "passwd -l" locks an account, and it's
>documented in "man passwd".

> Generally, anything that's not a 13-char alphanumeric string 
> is considered a "lock" string. People usually use "*", "LK",
> or "NP". Pick one and put it in password field in /etc/shadow
> (save original password if you plan to enable the account with
> original password).
> 
> Note that they can still log in via ssh + key auth, so remove
> their ~/.ssh/authorized_keys[2] if you have that (rename 
> instead of removing, if you want to re-enable it later).

>How, if the password has been mangled?

Actually, he's partly right.  passwd -l successfully locks the 
account as documented, but the ssh key exchange mechanism doesn't
rely on password authentication.  So if you're using ssh, you'll
either need to rename the user's ~/.ssh/authorized_keys file or
(temporarily?) disable ssh for that account (some sshd configuration option 
somewhere).

- Chris
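
The gap described above (a locked password does not stop ssh key logins) can be audited with a short script. This is an added example, not part of the original thread: it lists accounts whose shadow password field is locked but which still have a non-empty authorized_keys file. The ROOT argument and the sample data are constructed for illustration, and it assumes "passwd -l" marks a lock by prefixing the hash with "!".

```shell
#!/bin/sh
# Usage: locked_with_keys SHADOW PASSWD [ROOT]
# ROOT is a hypothetical prefix prepended to home directories so the check
# can run against a constructed tree; leave it empty on a live system
# (reading /etc/shadow there requires root).
locked_with_keys() {
    shadow=$1; passwd=$2; root=${3:-}
    while IFS=: read -r user pw _rest; do
        case $pw in
            # Lock markers: "!" prefix (assumed passwd -l behaviour) or the
            # strings named in the thread: "*", "LK", "NP".
            '!'*|'*'*|LK|NP) ;;
            *) continue ;;
        esac
        home=$(awk -F: -v u="$user" '$1 == u { print $6 }' "$passwd")
        [ -n "$home" ] || continue
        for f in authorized_keys authorized_keys2; do
            if [ -s "$root$home/.ssh/$f" ]; then   # exists and is non-empty
                printf '%s %s\n' "$user" "$home/.ssh/$f"
            fi
        done
    done < "$shadow"
    return 0
}

# Constructed sample data (not real accounts, hashes or keys).
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'alice:!$6$constructed$hash:19000:0:99999:7:::' \
                  'bob:$6$constructed$hash:19000:0:99999:7:::' \
                  'carol:*:19000:0:99999:7:::' > "$d/shadow"
    printf '%s\n' 'alice:x:1001:1001::/home/alice:/bin/sh' \
                  'bob:x:1002:1002::/home/bob:/bin/sh' \
                  'carol:x:1003:1003::/home/carol:/bin/sh' > "$d/passwd"
    mkdir -p "$d/home/alice/.ssh" "$d/home/bob/.ssh" "$d/home/carol/.ssh"
    echo 'ssh-ed25519 AAAA-constructed alice@example' > "$d/home/alice/.ssh/authorized_keys"
    echo 'ssh-ed25519 AAAA-constructed bob@example' > "$d/home/bob/.ssh/authorized_keys"
    printf '%s\n' "$d"
}

sample=$(make_sample)
locked_with_keys "$sample/shadow" "$sample/passwd" "$sample"
rm -rf "$sample"
```

On the sample data only alice is reported: carol is locked but has no key file, and bob has a key file but is not locked.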

