[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Not allow users to change passwd

To: Brian Somers <brian@Awfulhak.org>
Subject: Re: Not allow users to change passwd
From: David Leonard <leonard@csee.uq.edu.au>
Date: Thu, 16 Sep 1999 10:57:51 +1000 (EST)
Cc: Tony Sarendal <tony@torped.se>, misc@openbsd.org

On Wed, 15 Sep 1999, Brian Somers wrote:

> > Hi oBSD'ers.
> > 
> > I have a server (yes my old crappy one) where people can log
> > in only if they've sent me their public ssh key.
> > 
> > I want to disable their regular Unix password, and make sure
> > they can't change it.
> > 
> > What is the best way of doing this ?
> 
> You don't actually have to do anything smart :*)  If you just vipw 
> and * out everyones password your job is done.  Remember, passwd will 
> prompt the user for their old password !

to avoid the nightly security stuff from winging about 'disabled' accounts;
I have passwd entries like this:

aklwong:***ssh*only**:5125:5125:Kai Leung Wong:/home/aklwong:/usr/local/bin/tcsh
btonkes:***ssh*only**:6608:6608:Brad Tonkes:/home/btonkes:/bin/ksh

--
David Leonard                           David.Leonard@csee.uq.edu.au
Dept of Comp. Sci. and Elec. Engg   _   Room:78-624  Ph:+61 7 336 52447
The University of Queensland       |+|  http://www.csee.uq.edu.au/~leonard/
QLD 4072  AUSTRALIA               ~` '~ E2A24DC6446E5779D7AFC41AA04E6401

Pi has so far been computed to over a billion places and no pattern in the
digits has been discovered, other than the obvious one. - Francis Barrett

References:
- Re: Not allow users to change passwd
  - From: Brian Somers <brian@Awfulhak.org>

Prev by Date: Re: PPPoE
Next by Date: libkvm on i386
Prev by thread: Re: Not allow users to change passwd
Next by thread: Re: Not allow users to change passwd
Index(es):
- Date
- Thread