From owner-freebsd-questions@FreeBSD.ORG Tue Apr 5 22:49:40 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B746616A4CE; Tue, 5 Apr 2005 22:49:40 +0000 (GMT) Received: from prosporo.hedron.org (hedron.org [66.11.182.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4654743D31; Tue, 5 Apr 2005 22:49:40 +0000 (GMT) (envelope-from ean@hedron.org) Received: from localhost.hedron.org (localhost.hedron.org [127.0.0.1]) by prosporo.hedron.org (Postfix) with ESMTP id 93708C132; Tue, 5 Apr 2005 18:50:33 -0400 (EDT) From: Ean Kingston To: freebsd-questions@freebsd.org Date: Tue, 5 Apr 2005 18:50:32 -0400 User-Agent: KMail/1.7.2 References: <42531440.30103@adelphia.net> In-Reply-To: <42531440.30103@adelphia.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200504051850.33281.ean@hedron.org> cc: Bob Ababurko cc: questions@freebsd.org Subject: Re: suspending login X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Apr 2005 22:49:40 -0000 On April 5, 2005 06:42 pm, Bob Ababurko wrote: > Hello all- > > I am trying to figure out how to suspend a login for a user. Do I have > to do this with password aging or is there an easier(read brute force) > way to disallow a user from logging in? the safest way is to set the shell to /sbin/nologin and the home directory to /nonexistant in your auth system. The latter is especially needed if you allow ssh for remote login since the public-key authentication mechanisms sometimes bypass the normal login restrictions. -- Ean Kingston E-Mail: ean AT hedron DOT org URL: http://www.hedron.org/