On Sun, Apr 10, 2011 at 11:03:34AM -0700, Russ Allbery wrote: > sean finney <sean...@seanius.net> writes: > > > For locking the account, I think it could be problematic if you have > > some kind of central account management system (i.e. LDAP/AD), and you > > don't want to lock it globally. > > Yeah, but adduser doesn't ever do anything with central account management > systems anyway, so far as I know, so you could tell adduser to lock it and > if adduser can't find it in the local /etc/passwd or /etc/shadow, it would > just give up.
I was always given the impression that adduser and friends "wanted" to be able to handle non-local accounts, but nobody had ever extended it to do so? So I think it's a bit shaky to make that assumption. But if we specifically limit the scope for users/groups being locked to "only if they're in /etc/passwd,/etc/group" then yes I think that the recommendation makes sense. But then we probably ought to also have some boilerplate examples of exactly how it should be done. On that note, I just read over 9.2 and see we don't have anything about the right behavior for adding users/groups there either, and you have similar problems along those lines. Actually it seems that 9.2 as a whole could use a bit of a facelift :) sean -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org