Originally posted by: Checoturco

Hello All,

since some days ago, i'm searching for any command that could set the asterisk in the second field in /etc/passwd file for an user, and i'm not able to find it.
I'm pretty sure that edit this file with vi is not the best way. I also thought in use sed but i think that a command must exist to do it.
This is a production server and i'm afraid that something goes wrong with this change. I read man for the commands pwdadm and passwd but none of these commands do this.

Configure this user with blank pwd do not solve because in the passwd file still appears the sign ! and in the /etc/security/passwd appears a blank password.

Any help will be good.

Thanks
#AIX-Forum

Originally posted by: SystemAdmin

Hi,

The good question is why ? what are you trying to do ?
#AIX-Forum

Originally posted by: SystemAdmin

Moreover, an * in the second field of /etc/passwd indicates an invalid password...
#AIX-Forum

Originally posted by: Checoturco

i need this user to be configured with disable password. The user will not use password to login in the systems.

I configure the password = * attribute for this user in the file /etc/security/passwd and now maybe i just need synchronize/replicate this information to /etc/passwd file. I need this configuration in the /etc/passwd file.

Any help will be thankful
#AIX-Forum

Originally posted by: SystemAdmin

I think you could let "!" in /etc/passwd and "*" in /etc/security/passwd so user can't authenticate with password.
If you are using ssh keys, login is still permitted.

To check the status of a user, for example utest have an asterisk in /etc/passwd

root# pwdck -n user 3001-402  The user utest has an invalid password field in /etc/passwd.

To correct it, the system will put "!" in /etc/passwd and "*" in /etc/security/passwd

root# pwdck -p user

#AIX-Forum

Originally posted by: Checoturco

Hi Meyawi,

Thanks for your answer.
With this configuration solves my problem as well, thanks.

But, do u know in way to put the "*" in the /etc/passwd file with some command? I mean, without use vi or sed...

Thanks.
#AIX-Forum

Originally posted by: SystemAdmin

You are right, it's better to not edit some files using an editor.
Maybe you could do it this way :

root# echo 
'user:*' | chpasswd -ec root# pwdck -p user

#AIX-Forum

Originally posted by: Checoturco

Thanks, worked fine.

Checo
#AIX-Forum

Originally posted by: ColombianJoker

Isn't easier to lock a user account using *chuser account_locked=true USERNAME*?
#AIX-Forum

Originally posted by: SystemAdmin

In that case the account is locked, login isn't permitted even if you try to login threw ssh keys authentication.
#AIX-Forum

Originally posted by: ColombianJoker

Then what you need is

PasswordAuthentication no

in /etc/ssh/sshd_config.
#AIX-Forum

Originally posted by: SystemAdmin

Checoturco wrote:
I'm agree with you if you want to prevent password authentication for all users, but not for only one.
I don't know exactly what Checoturco want to do with all its users so it could be a solution but in that case you would have to pay attention to other login method like telnet...
#AIX-Forum