lynn said the following on 08/20/2013 01:12 PM:
On Tue, 2013-08-20 at 10:45 -0400, Anton Aylward wrote:
Perhaps if you gave us a little more context about the circstances in which that acount is being used.
Yes, sorry.
12.3 AD DC (ldap to normal people) with 12.3 and w7 clients. Here's an example from a client /etc/fstab //altea/users /home/users cifs nobrl,sec=krb5,username=cifsuser,multiuser 0 0
cifsuser is necessary for the cifs.upcall scan of the keytab.
I want to be sure that the smartarses can't authenticate as cifsuser. Kerberos takes care of the rest.
If your issue is AUTHENTICATE then put a "*" in the password field. See "man 5 passwd" which says password This is either the encrypted user password, an asterisk (*), or the letter 'x'. (See pwconv(8) for an explanation of 'x'.) The 'x' means 'use the shadow password file. You want "*" which blocks any AUTHENTICATION for that account. -- How long did the whining go on when KDE2 went on KDE3? The only universal constant is change. If a species can not adapt it goes extinct. That's the law of the universe, adapt or die. -- Billie Walsh, May 18 2013 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org