Greetings Forumers!
I have created several Application accounts on servers that run cron jobs but should not allow direct logins. These accounts have a password set but have been modified with 'passwd -N'.
Now my users are complaining that they cannot become that application account with /bin/su. They are entering the correct password for the account but are getting the access to the account.
Is this because of the 'passwd -N'?
Thanks!
Never heard of a "-N" parameter to "passwd". What Operating System are you using and what does "passwd -N" do?
Sorry, I am running Solaris 10 u7 (05/09).
From passwd(1) man page:
Privileged User Options
Only a privileged user can use the following options:
-N
Makes the password entry for name a value that cannot be used for login, but does not lock the account. See the -d option for removing the value, or to set a password to allow logins.
Within the same "man" page it makes it clear:
Locking an account (-l option) does not allow its use for password based login or delayed execution (such as at(1), batch(1), or cron(1M)). The -N option can be used to disallow password based login, while continuing to allow delayed execution.