On Mon, 19 Aug 2013 22:58:10 +0200 lynn <lynn@steve-ss.com> wrote:
OK. It's not the file itself, more what I'm passing to the operating system. I'm using sssd, which seems to copy username to gecos and have / as the default home directory even if those attributes are not populated in AD. It will however allow me to leave login shell blank. getent then gives me this: cifsuser:*:3000020:20513:cifsuser:/: which gives the correct number of ":". I'm not sure whether it's sssd or AD which decides on the defaults. Anyway, a bit better.
A blank login shell is interpreted as "/bin/sh". If logins are never to be allowed for this user, I would typically set the shell to "/noshell", which does not have a special meaning, but will deny login as long as "/noshell" does not exist in the file system. Any non-existent file path would do the same thing. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org