SCIENTIFIC-LINUX-USERS Archives

March 2007

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Mon, 12 Mar 2007 09:06:12 -0500

Ioannis Vranos wrote:
> OS: SL 4.4 x86.
> 
> 
> Under Gnome, "Applications::System Settings::Users and Groups" runs 
> "User Properties". There, there is the option "Account Info::Local 
> password is locked". When I activate it for a user (as a root), I can 
> not log in to that account (this is a home PC). It is like it says "Lock 
> User Account" or something. Is this what it is doing, and mentions the 
> "local password" thing because it makes some passwd file thing?

Hi Ioannis,
That does look a little confusing at first glance.

Let me show you at least one thing that it is doing behind the scenes 
when you select that.

Before
# cat /etc/passwd | grep quake ; cat /etc/shadow | grep quake
quake:x:500:501:Quake User:/home/quake:/bin/bash
quake:$1$g36fBqvT$lpCl2YQvdx90kiJfPKD0T1:12920:0:99999:7:::

After
# cat /etc/passwd | grep quake ; cat /etc/shadow | grep quake
quake:x:500:501:Quake User:/home/quake:/bin/bash
quake:!!$1$g36fBqvT$lpCl2YQvdx90kiJfPKD0T1:12920:0:99999:7:::

As you can see, it is putting !! at the beginning of the account line in 
/etc/shadow.  This tells programs that this user can't use the password 
stored in /etc/shadow.

So, if the machine only has local accounts and passwords, that user is 
essentially locked out.

But, if the machine is set up so that it uses NIS, LDAP, Kerberos, and a 
wide variety of other authentication measures, well, they can still use 
those.

That is why it says
"Local password is locked"

If you are using a local password, your account is locked.
If you are using some other authentication scheme, it might still be 
possible to get in.

They might be able to word it better, but at first glance, I don't know 
how to word it better.

Troy
-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________
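
An added example, not part of the original message: a small shell audit that reports, for each shadow(5)-format line, whether the local password is usable or has been locked with a leading `!` as shown above. It goes beyond the single case in the message by also handling fields that hold only `!!` or `*` and empty fields; the state labels and the sample lines (with placeholder hashes) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the password field of shadow(5)-format lines.
# State labels (usable/locked/nohash/empty) are names chosen for this sketch.

# Print the state of one password field (second field of a shadow line).
pw_state() {
    rest=$1
    case $rest in
        '')   echo "empty";  return ;;  # no password required at all
        '!'*) ;;                        # examined below
        '*'*) echo "nohash"; return ;;  # not a crypt(3) result, cannot match
        *)    echo "usable"; return ;;  # local password works
    esac
    # Strip every leading '!' and see whether a hash is still behind it.
    while :; do
        case $rest in
            '!'*) rest=${rest#?} ;;
            *)    break ;;
        esac
    done
    if [ -n "$rest" ]; then
        echo "locked"   # hash preserved; removing the '!' restores the password
    else
        echo "nohash"   # bare '!' or '!!': no hash stored
    fi
}

# Read shadow-format lines on stdin; print "user state" for each account.
audit_shadow() {
    while IFS=: read -r user field _other; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(pw_state "$field")"
    done
}

# Constructed sample input; the hashes are placeholders, not real crypt output.
SAMPLE='alice:$1$CONSTRUC$notARealHashValue00000:12920:0:99999:7:::
bob:!!$1$CONSTRUC$notARealHashValue00000:12920:0:99999:7:::
carol:!!:12920:0:99999:7:::
daemon:*:12920:0:99999:7:::
guest::12920:0:99999:7:::'

printf '%s\n' "$SAMPLE" | audit_shadow
```

On a real host, run it as root with `audit_shadow < /etc/shadow`. As the message explains, `locked` describes only the local password; an account that can authenticate through NIS, LDAP or Kerberos is not covered by this check.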
