> > I want to set up a secondary server, but I don't want to allow users to
> > login to it. I've seen scattered references to a "FILE" authentication
> > method, but I haven't been able to figure out what file it uses for
> > lookup, or what its format is (or even how the passwords are encrypted,
> > and thus if I can do what I want). Any help?
> If you use 100% NIS, then, I guess, the following line at the end of the
> file /etc/paaswd wiil help:
> +:*::::/dev/null:/bin/false
> Users will be authenozed but not allowed to log in.
>
> If you use local /etc/passwd without NIS, create the record like this
> for every user
> <username>:SHADOW:<uid>:<gid>:<info>:/dev/null:/bin/false
> second field depend on the particular system.
(not using NIS)
However, this approach requires me to deal with all sorts of
silliness...like what happens to mail to these accounts, making sure
users can't do anything dangerous/disruptive with braindead programs that
don't check /etc/shells...I decided that giving the users accounts on the
backup RADIUS server was both overkill and a possible security risk.
// Matt Zimmerman Chief of System Management NetRail, Inc.
// Work..........mdz@netrail.net | Play...gemini@alcor.netrail.net
// (703) 524-4800 [voice] (703) 524-4802 [data] (703) 534-5033 [fax]