Newsgroups: comp.unix.aix
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!maverick.ksu.ksu.edu!unlinfo.unl.edu!news
From: james@engrs.unl.edu (James Nau)
Subject: Re: Invalidating Users (temporarily)
Message-ID: <1991Jun25.031042.23974@unlinfo.unl.edu>
Summary: Yeah!  It works
Originator: james@engrss2.unl.edu
Keywords: FTP invalidation shells
Sender: james@engrs.unl.edu
Nntp-Posting-Host: engrss2.unl.edu
Organization: College of Engineering, University of Nebraska--Lincoln
References: <1991Jun21.163259.6777@unlinfo.unl.edu> <19397@rpp386.cactus.org>
Distribution: usa
Date: Tue, 25 Jun 1991 03:10:42 GMT
Lines: 20

In article <19397@rpp386.cactus.org> jfh@rpp386.cactus.org (John F Haugh II) writes:
>In article <1991Jun21.163259.6777@unlinfo.unl.edu> james@engrss2.unl.edu (James Nau) writes:
>>Does anyone know of a way to invalidate a user so that a message is
>>displayed, and the user is logged off, and ftp access is disabled?
>
>There is a file, /etc/shells, which lists the shells which a user may
>have and be granted FTP access.  The /etc/shells file was replaced by
>the "shells" attribute in /etc/security/login.cfg and I suspect the
>people in TCP/IP didn't get the message.
>-- 
>John F. Haugh II  | Distribution to  | UUCP: ...!cs.utexas.edu!rpp386!jfh

This is just what I was looking for.  Thanks!  As it turns out, /etc/shells
is NOT needed.  It is indeed the shells attribute in /etc/security/login.cfg.
My problem was that I had the shell in there (mkuser requires it).  Then,
I'd try testing against the same machine...  But, removing my shell from
the shells= attribute, then ftp'ing, did indeed as I wanted.  ie, no ftp
access, a message printed out at login, and the user logged off.

James