[CentOS] Checking if a user is 'Disabled'

Thu Oct 30 09:20:01 UTC 2008
Peter Kjellstrom <cap at nsc.liu.se>

On Wednesday 29 October 2008, Bill Campbell wrote:
> On Wed, Oct 29, 2008, Peter Kjellstrom wrote:
> >On Tuesday 28 October 2008, R P Herrold wrote:
> >> On Tue, 28 Oct 2008, Tom Brown wrote:
> >> > I need to create some local users but then 'disable' that user. I know
> >> > i can enable and disable the user by using usermod -L and -U but does
> >> > anyone know if there is a way for me to see the current status of the
> >> > user? ie locked or unlocked?
> >>
> >> [herrold at mailhub ~]$ sudo passwd -l archive
> >> Locking password for user archive.
> >> passwd: Success
> >> [herrold at mailhub ~]$ sudo passwd -S archive
> >> archive LK 2008-07-15 0 99999 7 -1 (Password locked.)
> >> [herrold at mailhub ~]$
> >
> >Worth noting is that this locking only refers to password authentication.
> > If the user has a key in his/hers authorized_keys then they will still be
> > able to login.
>
> I'm not sure that is true.

Well I am. Now I've even tried it and on both centos-4 and centos-5 I had no 
problems authenticating with my public key when my shadow entry started 
with "!!".

If you truely want to lock an account (all access and use) then you have many 
things to consider including:

* .ssh/authorized_keys
* .forward
* crond
* atd
* running processes
...

/Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.centos.org/pipermail/centos/attachments/20081030/03cfc47c/attachment-0005.sig>