suspending login

[Jason Stewart]

On Tue, 2005-04-05 at 18:50 -0400, Ean Kingston wrote:
> On April 5, 2005 06:42 pm, Bob Ababurko wrote:
> > Hello all-
> >
> > I am trying to figure out how to suspend a login for a user.  Do I have
> > to do this with password aging or is there an easier(read brute force)
> > way to disallow a user from logging in?
> 
> the safest way is to set the shell to /sbin/nologin and the home directory 
> to /nonexistant in your auth system. The latter is especially needed if you 
> allow ssh for remote login since the public-key authentication mechanisms 
> sometimes bypass the normal login restrictions.
> 

Am I mistaken here, or will doing that only deny the user a shell and
home directory? The user will still be able to authenticate against the
password database right?

To the best of my knowledge the "correct" way of doing this is either
the asterisk method in the password field using vipw or the more user
friendly way of using pw(8) with the lock command.

Jason