On Wednesday 29 October 2008, Bill Campbell wrote: > On Wed, Oct 29, 2008, Peter Kjellstrom wrote: > >On Tuesday 28 October 2008, R P Herrold wrote: > >> On Tue, 28 Oct 2008, Tom Brown wrote: > >> > I need to create some local users but then 'disable' that user. I know > >> > i can enable and disable the user by using usermod -L and -U but does > >> > anyone know if there is a way for me to see the current status of the > >> > user? ie locked or unlocked? > >> > >> [herrold@mailhub ~]$ sudo passwd -l archive > >> Locking password for user archive. > >> passwd: Success > >> [herrold@mailhub ~]$ sudo passwd -S archive > >> archive LK 2008-07-15 0 99999 7 -1 (Password locked.) > >> [herrold@mailhub ~]$ > > > >Worth noting is that this locking only refers to password authentication. > > If the user has a key in his/hers authorized_keys then they will still be > > able to login. > > I'm not sure that is true. Well I am. Now I've even tried it and on both centos-4 and centos-5 I had no problems authenticating with my public key when my shadow entry started with "!!". If you truely want to lock an account (all access and use) then you have many things to consider including: * .ssh/authorized_keys * .forward * crond * atd * running processes ... /Peter
Attachment:
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
