sun-managers is to be commended again for quick response.
There were sevral good suggestions. The one I chose, which works
great, was offered first by Bryan, bigmac@erg.sri.com. He said:
yes, follow the above + line with:
+:*:::::/usr/local/etc/nologin.lockout
(The nologin.lockout is a shell of ours that tells
the person attemping to log in that they cant and why, then
exits, all in a secure fashion.) This will allow the
rest of the YP map to exist, but the * in the password
field takes precedence over the YP password field and
cannot be matched, thus locking out logins.
Other suggestions included touching or creating /etc/nologin, which would
prevent all logins and remote logins (I need to permit access by the
netgroup) and creating individual password entries with non-shells,
as above.
Thanks to all.
-Mahlon
-------------------------------------------------------------
Mahlon Stacy Internet: mcs@mayo.edu
Mayo Foundation
Rochester, MN 55905 Minnesota Regional Network
(507) 284-4558 Amateur: KF0AW
-------------------------------------------------------------
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:16 CDT