Re: pam settings INSECURE




> Oh no.  It has been 1 day and my "bug" is not fixed! I must blog about it so
> the world listens to me...

also no one has presented a /good/ reason for not fixing it, only
reasons they don't think it should be fixed. you could do abc or d
things that I can think of... but no one has said why security
shouldn't be tighter for kde. what's the negative impact? why aren't
failed logins being logged right now? why can users log in if they have
an account but no valid shell? seriously? what's the reason that this
should not be fixed? that there MAY be acceptable alternatives? I
don't find the GUI option acceptable, because it's too kde specific,
and (probably) doesn't affect a thing if I change login managers. only
one of the options you suggest actually does what I need to do... but
for some reason it didn't take immediate effect when I tried it.

> 1) change password for that user
> 2) put an asterisk "*" at the beginning of the second field (before the
> encrypted password) in the file /etc/shadow.
> 3) set an account expiry date using chage
> 3) userdel is permanent one step procedure that works very well...

also 1 and 2 probably don't affect alternative forms of
authentication... such as key auth, and thus do not effectively
disable the account.


-- 
Caleb Cushing

http://xenoterracide.blogspot.com
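
Added example, not part of the original message: a small audit over passwd/shadow-style entries that separates "password locked" from "account expired", the distinction raised above for the asterisk and chage options. The sample entries, the `HAS_KEYS` set, the `NOLOGIN` list and the status strings are constructed assumptions, and the check assumes the login service enforces the shadow expiry field.

```python
# Constructed sample data; not taken from the original message.
PASSWD = """\
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
dave:x:1003:1003::/home/dave:/sbin/nologin
"""
SHADOW = """\
alice:$6$salt$hash:14000:0:99999:7:::
bob:*$6$salt$hash:14000:0:99999:7:::
carol:!$6$salt$hash:14000:0:99999:7::14500:
dave:$6$salt$hash:14000:0:99999:7:::
"""
HAS_KEYS = {"bob", "carol"}  # hypothetical: users with an authorized_keys file
NOLOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}  # assumed list


def audit(passwd, shadow, has_keys, today):
    """Map each user to a status string; `today` is days since 1970-01-01."""
    shells = {}
    for line in passwd.splitlines():
        fields = line.split(":")
        shells[fields[0]] = fields[6]
    report = {}
    for line in shadow.splitlines():
        fields = line.split(":")
        user, pw_hash, expire = fields[0], fields[1], fields[7]
        # A leading "*" or "!" makes the stored hash unmatchable (password lock).
        pw_locked = pw_hash.startswith(("*", "!"))
        # Field 8 of shadow(5): account expiry day; empty means never.
        expired = expire != "" and today >= int(expire)
        if expired:
            status = "disabled: account expired"
        elif pw_locked and user in has_keys:
            status = "REVIEW: password locked but key login may still work"
        elif pw_locked:
            status = "password locked"
        elif shells.get(user) in NOLOGIN:
            status = "REVIEW: no login shell but password still valid"
        else:
            status = "active"
        report[user] = status
    return report


if __name__ == "__main__":
    for user, status in audit(PASSWD, SHADOW, HAS_KEYS, today=14600).items():
        print(f"{user:6} {status}")
```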

