Caleb Cushing wrote:
So here's the problem I've discovered: http://xenoterracide.blogspot.com/2009/11/bypassing-disabled-accounts-with-k... (links to the Arch bug included); posting here because I believe both KDE's and Arch's developers' responses are less than satisfactory. This is a security bug and easy to fix without making users' lives more difficult.

Oh no. It has been 1 day and my "bug" is not fixed! I must blog about it so the world listens to me...

"I shouldn't have to disable an account in more than 1 way to disable it across the board."

Let's see... one-step procedures for disabling the user account:
1) change password for that user
2) put an asterisk "*" at the beginning of the second field (before the encrypted password) in the file /etc/shadow.
3) set an account expiry date using chage
4) userdel is a permanent one-step procedure that works very well...

#2 is my preferred.

Allan
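
An added example, not part of the thread: a small audit of shadow(5) lines that tells apart the password-field mark from method 2 and the expiry date from method 3. The sample lines, the function names and the verdict strings are constructed for illustration; the "!" prefix is the mark `usermod -L` writes and is not mentioned in the thread.

```python
import time

# Constructed sample /etc/shadow content; salts and hashes are placeholders.
SAMPLE_SHADOW = """\
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:14550:0:99999:7:::
bob:*$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:14550:0:99999:7:::
carol:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:14550:0:99999:7::1:
dave:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:14550:0:99999:7::1:
"""


def days_since_epoch(now=None):
    """shadow(5) stores dates as whole days since 1970-01-01."""
    return int((time.time() if now is None else now) // 86400)


def classify(line, today):
    """Return (user, states) for one shadow(5) line."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("not a shadow(5) line: %r" % line)
    user, password, expire = fields[0], fields[1], fields[7]
    states = set()
    # Method 2: a "*" (or usermod -L's "!") in front of the hash means no
    # typed password can ever match it.
    if password.startswith(("*", "!")):
        states.add("password-locked")
    # Method 3: field 8 is the account expiry date. Empty means none, and
    # shadow(5) advises against 0, so only a positive past value counts.
    if expire.isdigit() and 0 < int(expire) <= today:
        states.add("expired")
    return user, states


def audit(shadow_text, today):
    """Map each user to 'active', 'password-locked only' or 'expired'."""
    report = {}
    for line in shadow_text.splitlines():
        if not line.strip():
            continue
        user, states = classify(line, today)
        if "expired" in states:
            report[user] = "expired"
        elif states:
            # usermod(8) notes that this locks the password, not the account.
            report[user] = "password-locked only"
        else:
            report[user] = "active"
    return report


if __name__ == "__main__":
    for user, verdict in audit(SAMPLE_SHADOW, days_since_epoch()).items():
        print(user, verdict)
```

Accounts reported as "password-locked only" are the ones worth reviewing for login paths that never ask for a password. A changed password (method 1) is not visible in this audit, and a user removed with userdel (method 4) simply has no line.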