From: Mark Huang <mlhuang@cs.princeton.edu>
Date: Tue, 26 Apr 2005 21:23:28 +0000 (+0000)
Subject: - openssh-server 3.8 and above refuse login for "locked" accounts. replace
X-Git-Tag: after-util-vserver-0_30_208-revert~192
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=4391766cbbdff5da1b40a964f5cb2f916848d135;p=util-vserver.git

- openssh-server 3.8 and above refuse login for "locked" accounts. replace
  '!!' with '*' in the shadow password file.
- XXX still need a way to fix existing accounts. probably a script that
  does this for every active vserver (/etc/vservers/*.conf)
---

diff --git a/scripts/vuseradd b/scripts/vuseradd
index cc8d414..429a959 100755
--- a/scripts/vuseradd
+++ b/scripts/vuseradd
@@ -4,7 +4,7 @@
 #
 # Copyright (c) 2004  The Trustees of Princeton University (Trustees).
 #
-# $Id: vuseradd,v 1.19 2004/11/17 20:37:32 mlhuang Exp $
+# $Id: vuseradd,v 1.20 2004/11/23 14:47:35 mlhuang Exp $
 #
 
 : ${UTIL_VSERVER_VARS:=$(dirname $0)/util-vserver-vars}
@@ -29,6 +29,9 @@ groupadd slices 2>/dev/null || :
 # add user
 useradd -g slices -s /bin/vsh $NAME
 
+# openssh-server 3.8 and above refuse login for "locked" accounts
+sed -i -e "s/$NAME:\!\!:\(.*\)/$NAME:*:\1/" /etc/shadow
+
 USERID=$(awk -F: "\$1 == \"$NAME\" { print \$3 }" < /etc/passwd)
 GROUPID=$(awk -F: "\$1 == \"slices\" { print \$3 }" < /etc/group)