chip@pender.ee.upenn.edu (Charles H. Buchholtz) (06/06/91)
In article <44240@netnews.upenn.edu> george@mech.seas.upenn.edu writes: >:I've heard the practice of replacing this field with an '*' as 'starring-out' >:the password, making it impossible for someone to login to that ID since the >:password encryption mechanism is guaranteed to fail. I've routinely made >:this field "*LOCKED*" or "*NO LOGIN*" to achieve the same purpose. > >of interest.. no entry in the password field ( "*", null, random characters ) >"locks" the account if the user has enabled no-password rlogin via a .rlogin >entry. I suppose this is obvious, but I had to try it to find out. > >In this case you can lock the user out by corrupting his home directory entry >as well as his password. I've frequently logged in with a corrupted home directory entry in the passwd file. I get a message "No home directory! Using / for home!" or some such. You're right about rlogin, though. When I want to lock an account I change the shell to something that will print out an explanation. This is nicer for the person being locked out. It also prevents login, rlogin, telnet, , rsh, and ftp (because the shell is not listed in /etc/shells). I haven't found any way to get past this, it causes less confusion (the lockee doesn't think they forgot their password, they know exactly what happened), and four months later when you are trying to figure out why this account is locked, you can just run the shell and read the message. If you're in a hurry, you can use /bin/true for the shell. Charles H. Buchholtz chip@ee.upenn.edu Systems Programmer Electrical Engineering University of Pennsylvania.
kepowers@mbunix.mitre.org (Powers) (06/12/91)
>I've frequently logged in with a corrupted home directory entry in the >passwd file. I get a message "No home directory! Using / for home!" >or some such. You're right about rlogin, though. This is system dependent. Some behave as you have described and others refuse to let you in. -- Kelly-Erin Powers The MITRE Corporation Unix Systems Group Burlington Road (617) 271-2143 Bedford, MA 01730 kepowers@mbunix.mitre.org your_neighborhood!linus!mbunix!kepowers