What I'm doing to keep people from logging in via ssh is setting the shell to /usr/bin/passwd. Then when someone connects with ssh, they can change their password, but that's all the can do. Their new password works with CIFS (Samba), since I have:
other password required pam_smb_passwd.so.1 nowarn at the end of /etc/pam.conf. Martin > Date: Tue, 6 Mar 2012 18:31:44 +0400 > From: Gordon Ross <[email protected]> > > Also remember the simple trick, if you want accounts where the user > can not logon, just make their shell /bin/false > > On Tue, Mar 6, 2012 at 6:18 PM, Jonathan Adams <[email protected]> wrot= > e: > > /etc/passwd still exists for local users (root should always exist as > > a local user) ... ldap is additional to it (and likewise should never > > have root in it) > > > > zones are really straight forward, > > http://wiki.openindiana.org/oi/7.+Virtualization ... _______________________________________________ OpenIndiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
