On Tue, 16 Mar 1999, Bill Studenmund wrote:

> On 16 Mar 1999, Perry E. Metzger wrote:
> 
> > We need a general way to say "account is valid but password field is
> > not", as in, for instance, ssh only accounts.
> > 
> > How about another character besides "*" for that? Perhaps a "#"?
> 
> I like some sort of list. "*" would, as present, mean no-valid-password.
> But we could have a lot of different values. The main cluster at Stanford
> uses AFS for afs-domain passwords. ssh would make sense for what you
> describe. And I'd vote for a short phrase rather than "#" :-)

Well, if we do that sort of thing we should go the whole way, with either
PAM or that FreeBSD thing (forgot how it's called).

What I want is something like:

- allow login via ssh always
- allow login via telnet only from certain IP numbers
  - but allow normal password login only from certain (fewere) IP numbers
  - and require one-time-passwords from others
- and something similar for ftp, possibly differing per account.
- and some accounts are ftp-only
- and others perhaps Samba-only... (etc)

> Bill
-Olaf.
--
___ Olaf 'Rhialto' Seibert - rhialto@polder.ubc. ---- Unauthorized duplication,
\X/ .kun.nl ---- while sometimes necessary, is never as good as the real thing.