<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 2 October 2014 16:19, Jason L Tibbitts III <span dir="ltr"><<a href="mailto:tibbs@math.uh.edu" target="_blank">tibbs@math.uh.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">>>>>> "SJS" == Stephen John Smoogen <<a href="mailto:smooge@gmail.com">smooge@gmail.com</a>> writes:<br>
<br>
SJS> In this case that would be close to a hundred thousand accounts<br>
SJS> linked to /bin/noshellforyou for the 3200 that are cla+1.<br>
<br>
Just stating a solution. It would actually work, after all. Whether<br>
it's worth the annoyance and any potential security exposure, I don't<br>
know. But if you want to display something to CLA+0 people but not<br>
CLA+1 people then, well, I believe that is the only way to do it.<br>
<br>
SJS> In the past that was a great way to DOS a machine..<br>
<br>
Maybe back in 1994 or something. I really doubt this is a consideration<br>
these days.<br>
<span class="HOEnZb"><font color="#888888"><br></font></span></blockquote><div><br></div><div>Well 2008. It was having too many unused accounts with too little memory to deal with having a good many of them looked up at the same time. In that case it was a ssh bot and then compounded by a student saying "hey let me go through ldap and login in and see how many people have the password password. And an account system which had accounts for students since 1980 in it (most of them set to /bin/nologin) </div><div><br></div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="HOEnZb"><font color="#888888">
- J<<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Stephen J Smoogen.<br><br></div>
</div></div>