[X-Unix] Remote force logout and lockout of user
James Bucanek
subscriber at gloaming.com
Tue Jun 15 09:34:28 PDT 2004
Alexandre Gauthier wrote on Tuesday, June 15, 2004:
>
>On 15/06/04 00:45, "luke" <etyrnal at ameritech.net> wrote:
>
>>
>> On Monday, June 14, 2004, at 08:24 AM, Craig A. Finseth wrote:
>>
>>> sure would be cool to find out that there is a unix-way to set an
>>> enable/disable account bit for a user...
>>>
>>> There is. Change their login shell to /dev/null and change their
>>> _encrypted_ password text in /etc/shadow to something like "***no
>>> login***" (or any other text that can _not_ be output by the crypt(2)
>>> call).
>>>
>>> These changes keep someone from logging in, but won't affect current
>>
>> how does that work for re-enabling?
>>
>> their password is now gone.
>>
>
>Hence why the exclamation mark trick.
Set the passwd property back to '********'. The account is now reenabled with their old password.
>However, the passwd and shadow files are not used under OS X, it relies upon
>netinfo.
Shadow files are most definitely used in OS X (at least 10.3). See the 'authentication_authority' and 'generateduid' properties. Any account created in 10.3, or one that has had their password changed since upgrading to 10.3, will have their password stored in a shadow file, not the nidb.
______________________________________________________
James Bucanek <mailto:privatereply at gloaming.com>
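
The reversible lock this thread discusses, as an added example that is not part of the original messages: prefixing the hash field of a shadow(5)-format line with '!' keeps the old hash, while overwriting the field loses it. The sample entry and all function names are constructed for illustration, and the code models the classic /etc/shadow line format, not the Mac OS X 10.3 shadow hash files.

```python
# Added illustration: reversible vs. destructive account lock on a
# shadow(5)-format line (name:hash:lastchg:min:max:warn:inactive:expire:flag).
LOCK = "!"

# Constructed sample entry; the hash is a placeholder, not a real crypt output.
SAMPLE = "alice:$1$constructed$notARealHashValue000000:12584:0:99999:7:::"


def _fields(line):
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated shadow fields")
    return fields


def is_locked(line):
    """True if the hash field starts with '!' or '*', which crypt never emits."""
    return _fields(line)[1].startswith((LOCK, "*"))


def lock(line):
    """Reversible lock: prefix the stored hash with '!' (idempotent)."""
    f = _fields(line)
    if not f[1].startswith(LOCK):
        f[1] = LOCK + f[1]
    return ":".join(f)


def unlock(line):
    """Strip the '!' prefix, restoring the old password hash."""
    f = _fields(line)
    if f[1].startswith(LOCK):
        restored = f[1].lstrip(LOCK)
        if not restored:
            # An empty hash field means "no password required"; refuse.
            raise ValueError("no stored hash behind the lock marker")
        f[1] = restored
    return ":".join(f)


def overwrite(line, marker="***no login***"):
    """Destructive lock quoted in the thread: the old hash is discarded."""
    f = _fields(line)
    f[1] = marker
    return ":".join(f)
```
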