On Mon, Apr 19, 2010 at 5:42 PM, Andrew Klettke <aklet...@opticfusion.net> wrote: > You mean the "*" field? I've replaced that with "radius", as you suggested, > so it looks like so: > (removed):radius:1000:10:radius:0:0:nocstaff:/home/(removed):/bin/ksh > > It works, the user can log in fine still; however, OpenBSD still isn't happy > about it: > > Checking the /etc/master.passwd file: > Login (removed) is off but still has a valid shell and alternate access > files in > home directory are still readable.
Guess my awk isn't as awesome as it used to be. I'd just edit /etc/security. There's a check in there to make sure the password isn't skey. Add another check that's it's not radius.