locked account accessable via pubkey auth
Chris Adams
cmadams at hiwaay.net
Thu Jan 31 03:09:56 EST 2002
Once upon a time, Dan Kaminsky <dan at doxpara.com> said:
> > If it is locked, the users is not allowed to change his own password. So
> he
> > can not unlock it. You get a permission denied when trying to do so.
>
> Actually, that's really useful and very cool! Which platforms support this
> behavior -- just recent Solaris, or most Unixen?
I think the old shadow-utils had the -l/-u options to passwd to lock and
unlock a password.
I added them to the passwd command that Red Hat Linux uses several years
ago and sent the patch to Red Hat (I don't know if other Linux
distributions have it).
> Can a user lock their own account?
Remember, it is the password that is locked, not the account (that's
what brought this thread up). And no, users can't do this; only root is
allowed to use -l/-u.
Compaq Tru64 Unix doesn't have this option to passwd. If you use
enhanced security, you can "usermod -x administrative_lock_applied=1
<user>" an account it can no longer log in at all (the account is
locked, not the password).
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the openssh-unix-dev
mailing list