* Michael.James@csiro.au wrote on Mon, Sep 29, 2003 at 12:36 +1000:
Most of my users don't have entries in shadow, they depend on pam_krb5 for authentication.
useradd creates them automatically.
I want for everyone else (system accounts like FTP and regular users) to be denied even the possibility of a locally stored password.
I do not understand what you mean. Do you want to deny them (from what, BTW?) even if they have a valid password?
THIS passwd just bungs the encrypted string into /etc/passwd! Argh! Nobody ever wants to go back to un-shadowed passwords. How can I turn off this unwantedly obliging behaviour?
Use as intended :-) To lock an account, try passwd -l username. Maybe you can configure via PAM what you wish; if you want to restrict shell access you can configure OpenSSH quite a lot. Ohh, and finally, feel free to patch passwd or create your own one, it's not that difficult, but I would not recommend that... oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.