>> This said, it doesn't quite address my need: rather than say "only allow >> SSH access to userfoo and userbar", I'd like to do "disallow non-GDM >> access for userfoo and userbar". > That would include the local Linux console?
I'd be OK with either choice for console logins. The original use case
was to provide an account to my daughter who was not (yet) able to
remember a strong password. She wasn't going to use a console
login either.
Stefan
