On Sun, 21 Oct 2001, Steve Cabito wrote: 
> I hope this is an easy one:
> Users who have a shell (/bin/bash) authenticate OK. 
> Users who don't (/bin/false) don't.

1. Put /bin/false in /etc/shells

2. Run shadow passwords on ALL systems, especially those
   with shell access or web access. Run crack (or a derivative)
   on your password file to find out why. It's embarrassing
   how fast a 1+ GHz Pentium can brute force guess passwords
   against a readable password file.


   


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
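
An added example, not part of the original post: a small audit script for the two points in the reply. It lists accounts whose login shell is missing from the shells file, and accounts whose password hash is still stored in the passwd file instead of being shadowed. The function names are hypothetical, and an empty shell field is assumed to mean /bin/sh.

```shell
#!/bin/sh
# Added example: audit passwd(5)-format and shells(5)-format files.
# Both functions take file paths, so they can be run on copies.

# Print "user shell" for every account whose login shell is not
# listed in the shells file (the /bin/false case from the post).
unlisted_shells() {
    passwd_file=$1
    shells_file=$2
    awk -F: -v shells="$shells_file" '
        FILENAME == shells {            # first file: allowed shells
            sub(/#.*/, "")              # drop comments
            gsub(/[ \t]/, "")           # drop stray whitespace
            if ($0 != "") ok[$0] = 1
            next
        }
        /^#/ || NF < 7 { next }         # skip comments and malformed lines
        {
            sh = ($7 == "") ? "/bin/sh" : $7   # assumption: empty means /bin/sh
            if (!(sh in ok)) print $1, sh
        }
    ' "$shells_file" "$passwd_file"
}

# Print every account whose password field in the passwd file holds
# something other than a placeholder ("x", "*", "!") or nothing,
# i.e. a hash that any local user can read and feed to a cracker.
unshadowed_hashes() {
    awk -F: '
        /^#/ || NF < 7 { next }
        $2 != "" && $2 != "x" && $2 !~ /^[*!]+$/ { print $1 }
    ' "$1"
}

# Stand-alone use: sh audit.sh /etc/passwd /etc/shells
if [ "$#" -eq 2 ]; then
    echo "Login shell not in $2:"
    unlisted_shells "$1" "$2"
    echo "Password hash readable in $1:"
    unshadowed_hashes "$1"
fi
```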