You need to add /bin/false to /etc/security/login.cfg.
There is a line in the file that says "SHELLS" and has a list of all
valid shells.
I created a script to run from my NIM server to push it out - I do
this, just to have a backup if needed (not the cleanest, but it
works):
cp /etc/security/login.cfg /etc/security/login.cfg_save
sed 's?/bin/bash$?/bin/bash,/bin/false?g' /etc/security/login.cfg >/etc/security/login.cfg_new
cp -f /etc/security/login.cfg_new /etc/security/login.cfg
rm -f /etc/security/login.cfg_new
cheers
K
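
An idempotent variant of the push-out script above, as an added example that is not part of the original post: it appends the shell only when it is not already listed, and it does not depend on the list ending in /bin/bash. The add_shell function name and the sample file contents are assumptions, as is the single-line "shells = a,b,c" layout with "*" comment lines.

```shell
#!/bin/sh
# add_shell FILE SHELL  (hypothetical helper, not an AIX command)
# Appends SHELL to the first "shells = a,b,c" line in FILE unless listed.
# Assumes the list sits on one line; lines starting with "*" are comments.
# Returns 0 = added, 1 = already present, 2 = error.
add_shell() {
    cfg=$1
    shell=$2
    [ -f "$cfg" ] || return 2
    # Current list, with leading "shells =" and trailing blanks removed
    current=$(awk '/^[ \t]*shells[ \t]*=/ {
        sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*$/, ""); print; exit }' "$cfg")
    [ -n "$current" ] || return 2
    # Whole-entry match, so /bin/false does not match /bin/false2
    case ",$current," in
        *",$shell,"*) return 1 ;;
    esac
    cp -p "$cfg" "${cfg}_save" || return 2      # backup, as in the post
    awk -v add="$shell" '
        !done && /^[ \t]*shells[ \t]*=/ {
            sub(/[ \t]*$/, ""); $0 = $0 "," add; done = 1 }
        { print }' "${cfg}_save" > "${cfg}_new" || return 2
    # Write through the existing file so its owner and mode are kept
    cat "${cfg}_new" > "$cfg" || return 2
    rm -f "${cfg}_new"
}

# Demo on a constructed sample (not a real login.cfg)
demo=$(mktemp)
printf '%s\n' '* shells = comment, must be left alone' 'usw:' \
    '        shells = /bin/sh,/bin/ksh,/bin/bash' > "$demo"
add_shell "$demo" /bin/false && grep shells "$demo"
add_shell "$demo" /bin/false || echo "second run rc=$? (already listed)"
rm -f "$demo" "${demo}_save"
```

Running it a second time against the same file returns 1 and leaves both the file and the backup untouched, so it is safe to push repeatedly.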