kenny@uiucdcsb.cs.uiuc.edu (10/26/86)
/* Written 7:36 pm Oct 24, 1986 by eric@cti.UUCP in uiucdcsb:net.unix-wizards */ [ ... ] >There is always an amount of turnover at universities and companies, and >user accounts need to be zapped and/or de-activated. Many times, however, >the *files* owned by those folks, in those directories, want to remain; >there are also occasions where it is desirable to temporarily prevent a user >or account from logging in. A superuser (or adequately privileged user) can >zap the user's password, either with the passwd command or by editing the >/etc/passwd file, but since there is "no" way to determine a user's password >from the encrypted form in /etc/passwd, it's hard to set it back. >A convenient method is to edit the passwd file and insert some character >at the beginning of the password string. I like to use '%', because it is >one of the characters that is never generated in an encryption string and >is easy to find and edit out later. A password can NEVER be entered which >matches the user's (new) password, preventing logins (and su's other than >by root), yet it is easy to give that person his/her password back. >Eric Black "Garbage In, Gospel Out" The method we use here is to add a program, /usr/local/shZAPPED, which prints a message indicating that one's account has been deactivated and terminates. Changing the user's shell to be this program forbids logging in but does nothing to the files, account name, OR password. Kevin Kenny UUCP: {ihnp4,pur-ee,convex}!uiucdcs!kenny Department of Computer Science ARPA: kenny@B.CS.UIUC.EDU (kenny@UIUC.ARPA) University of Illinois CSNET: kenny@UIUC.CSNET 1304 W. Springfield Ave. Urbana, Illinois, 61801 Voice: (217) 333-7980