Date: Wed, 06 Apr 2005 08:04:42 -0400 From: Jason Stewart <jstewart@rtl.org> To: Ean Kingston <ean@hedron.org> Cc: freebsd-questions@freebsd.org Subject: Re: suspending login Message-ID: <1112789082.28348.5.camel@mis3c.rtl.lan> In-Reply-To: <200504051850.33281.ean@hedron.org> References: <42531440.30103@adelphia.net> <200504051850.33281.ean@hedron.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 2005-04-05 at 18:50 -0400, Ean Kingston wrote: > On April 5, 2005 06:42 pm, Bob Ababurko wrote: > > Hello all- > > > > I am trying to figure out how to suspend a login for a user. Do I have > > to do this with password aging or is there an easier(read brute force) > > way to disallow a user from logging in? > > the safest way is to set the shell to /sbin/nologin and the home directory > to /nonexistant in your auth system. The latter is especially needed if you > allow ssh for remote login since the public-key authentication mechanisms > sometimes bypass the normal login restrictions. > Am I mistaken here, or will doing that only deny the user a shell and home directory? The user will still be able to authenticate against the password database right? To the best of my knowledge the "correct" way of doing this is either the asterisk method in the password field using vipw or the more user friendly way of using pw(8) with the lock command. Jason
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1112789082.28348.5.camel>