On 2 October 2014 16:19, Jason L Tibbitts III <tibbs@math.uh.edu> wrote:
>>>>> "SJS" == Stephen John Smoogen <smooge@gmail.com> writes:

SJS> In this case that would be close to a hundred thousand accounts
SJS> linked to /bin/noshellforyou for the 3200 that are cla+1.

Just stating a solution.  It would actually work, after all.  Whether
it's worth the annoyance and any potential security exposure, I don't
know.  But if you want to display something to CLA+0 people but not
CLA+1 people then, well, I believe that is the only way to do it.

SJS> In the past that was a great way to DOS a machine..

Maybe back in 1994 or something.  I really doubt this is a consideration
these days.

Well 2008. It was having too many unused accounts with too little memory to deal with having a good many of them looked up at the same time. In that case it was a ssh bot and then compounded by a student saying "hey let me go through ldap and login in and see how many people have the password password. And an account system which had accounts for students since 1980 in it (most of them set to /bin/nologin) 

 - J<

Stephen J Smoogen.