> -----Original Message----- > From: [EMAIL PROTECTED]
> > Update: > > I've come up with a not-so-elegant solution to my problem. > > In case there is something in my pam.conf that doesn't like > seeing "johndoe:*LK*:::::::" in /etc/shadow, I've changed the > "*LK*" to a random 14-character string for all users and > disabled password aging. > That way, it'd be nearly impossible for them to guess their > SunRay server password and force them to use their AD domain password. Have you tried using NP for the password field? It indicates that the account has No Password. The old admintool called this option "No password -- setuid only". It's often used for accounts daemons run under. -- Russ _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
