Or just set the password to skey for radius users too?
On Mon, Apr 19, 2010 at 06:04:22PM -0400, Ted Unangst wrote: > On Mon, Apr 19, 2010 at 5:42 PM, Andrew Klettke > <aklet...@opticfusion.net> wrote: > > You mean the "*" field? I've replaced that with "radius", as you suggested, > > so it looks like so: > > (removed):radius:1000:10:radius:0:0:nocstaff:/home/(removed):/bin/ksh > > > > It works, the user can log in fine still; however, OpenBSD still isn't > happy > > about it: > > > > Checking the /etc/master.passwd file: > > Login (removed) is off but still has a valid shell and alternate access > > files in > > home directory are still readable. > > Guess my awk isn't as awesome as it used to be. I'd just edit > /etc/security. There's a check in there to make sure the password > isn't skey. Add another check that's it's not radius.
