Mailinglist Archive: opensuse (880 mails)

< Previous Next >
Re: [opensuse] /etc/passwd compulsory fields
lynn said the following on 08/20/2013 01:12 PM:
On Tue, 2013-08-20 at 10:45 -0400, Anton Aylward wrote:


Perhaps if you gave us a little more context about the circstances in
which that acount is being used.

Yes, sorry.

12.3 AD DC (ldap to normal people) with 12.3 and w7 clients.
Here's an example from a client /etc/fstab
//altea/users /home/users cifs
nobrl,sec=krb5,username=cifsuser,multiuser 0 0

cifsuser is necessary for the cifs.upcall scan of the keytab.

I want to be sure that the smartarses can't authenticate as cifsuser.
Kerberos takes care of the rest.

If your issue is AUTHENTICATE then put a "*" in the password field.
See "man 5 passwd" which says

password This is either the encrypted user password, an
asterisk (*), or the letter 'x'. (See pwconv(8)
for an explanation of 'x'.)

The 'x' means 'use the shadow password file.
You want "*" which blocks any AUTHENTICATION for that account.

--
How long did the whining go on when KDE2 went on KDE3?

The only universal constant is change. If a species can not adapt it
goes extinct. That's the law of the universe, adapt or die.
-- Billie Walsh, May 18 2013
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >