On Wednesday 29 October 2008, Bill Campbell wrote: > On Wed, Oct 29, 2008, Peter Kjellstrom wrote: > >On Tuesday 28 October 2008, R P Herrold wrote: > >> On Tue, 28 Oct 2008, Tom Brown wrote: > >> > I need to create some local users but then 'disable' that user. I know > >> > i can enable and disable the user by using usermod -L and -U but does > >> > anyone know if there is a way for me to see the current status of the > >> > user? ie locked or unlocked? > >> > >> [herrold at mailhub ~]$ sudo passwd -l archive > >> Locking password for user archive. > >> passwd: Success > >> [herrold at mailhub ~]$ sudo passwd -S archive > >> archive LK 2008-07-15 0 99999 7 -1 (Password locked.) > >> [herrold at mailhub ~]$ > > > >Worth noting is that this locking only refers to password authentication. > > If the user has a key in his/hers authorized_keys then they will still be > > able to login. > > I'm not sure that is true. Well I am. Now I've even tried it and on both centos-4 and centos-5 I had no problems authenticating with my public key when my shadow entry started with "!!". If you truely want to lock an account (all access and use) then you have many things to consider including: * .ssh/authorized_keys * .forward * crond * atd * running processes ... /Peter -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part. URL: <http://lists.centos.org/pipermail/centos/attachments/20081030/03cfc47c/attachment-0005.sig>