There are two ways to lock an account. The first is using the passwd command with the -l option. For example, the current entry in /etc/passwd for the user jones might look like this:
jones:6.D/N3ZFGmq7U:3333:10:Jeremiah Jones:/usr/people/jones:/bin/tcsh
passwd -l jonesand the entry becomes:
jones:*LK*:3333:10:Jeremiah Jones:/usr/people/jones:/bin/tcshThis command changes the password field of the entry in /etc/passwd for account jones to
*LK*. This blocks all logins to that account.
The second way to lock an account is by editing the password file directly. Change the password field to any string of characters that is not used by the password encryption program to create encrypted passwords. The passwd command with the -l option uses the string *LK*. You can use other strings to lock accounts.
For example, you can use a descriptive phrase such as "LOCKED;" to remind you that the account was deliberately disabled:
ralph:LOCKED;:100:1:Ralph P. Cramden:/usr/people/ralph:
Another common method of disabling a password is to put an asterisk (*) in the password field. The default IRIX /etc/passwd file disables some unused logins in this manner. Be sure to check your /etc/passwd file to be sure all logins have passwords or are disabled.