to login to any machine, but not affect changes to the LDAP entry. SSH
authentication keys are kept private.
+manpagesection(NOTES)
+To lock out an account take the password and prepend *LK* before the hash
+and after the {crypt} this is understood by ssh, shadow and the mailgateway to
+indicate a disabled account. No manipulations what so ever will be permitted.
+
+
manpageoptions()
startdit()
dit(bf(-a))
# Loop over the GPG key file
Outstanding = 0;
Ignored = 0;
+SeenKeys = {};
while(1):
Line = Keys.readline();
if Line == "":
if Line2 == "":
break;
+ if SeenKeys.has_key(Split2[9]):
+ print "Dup key 0x",Split2[9],"belonging to",KeyMap[Split2[9]][0];
+ continue;
+ SeenKeys[Split2[9]] = None;
+
if KeyMap.has_key(Split2[9]):
Ignored = Ignored + 1;
# print "Ignoring keyID",Split2[9],"belonging to",KeyMap[Split2[9]][0];
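Review bot: The duplicate message indexes `KeyMap[Split2[9]][0]` before the `KeyMap.has_key(Split2[9])` test that follows it, so a fingerprint listed twice in the keyring but not yet in the directory would raise KeyError and abort the run, unless code outside this hunk adds new keys to KeyMap. Look the owner up defensively, for example `print "Dup key 0x",Split2[9],"belonging to",KeyMap.get(Split2[9],["unknown"])[0];` (the `"unknown"` label is a placeholder). A comment above the check, such as `# A fingerprint that appears twice in the keyring is processed only once`, would record why the second occurrence is skipped. The loop body starts and ends outside the hunk, so whether `continue` leaves the reader state (`Line`/`Line2`) consistent cannot be confirmed from here.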
Rec = [(ldap.MOD_ADD,"keyfingerprint",Split2[9])];
Dn = "uid=" + UID + "," + BaseDn;
- print "Adding keyID",Split2[9],"to",UID;
+ print "Adding key 0x",Split2[9],"to",UID;
if KeyCount.has_key(UID):
KeyCount[UID] = KeyCount[UID] + 1;
else:
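Review bot: The reworded messages pass `"Adding key 0x"` and the fingerprint as separate print arguments, so the print statement puts a space between them and the log shows `0x` and the fingerprint as two tokens rather than one identifier an operator can copy into a key lookup. Assuming `Split2[9]` is a string, concatenating keeps it together: `print "Adding key 0x" + Split2[9],"to",UID;`. The same applies to the `Dup key 0x` message in the previous hunk and the `key 0x ... removed` message in the next one.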
# Look for unmatched keys
for x in KeyMap.keys():
if KeyMap[x][1] == 0:
- print "keyID",x,"belonging to",KeyMap[x][0],"removed";
+ print "key 0x",x,"belonging to",KeyMap[x][0],"removed";
if KeyCount.has_key(KeyMap[x][0]) :
KeyCount[KeyMap[x][0]] = KeyCount[KeyMap[x][0]] - 1
if KeyCount[KeyMap[x][0]] <= 0:
if Sender == None:
raise Error, "Unable to determine the sender's address";
+ if (string.find(GetAttr(Attrs[0],"userPassword"),"*LK*") != -1):
+ raise Error, "This account is locked";
+
# Formulate a reply
Date = time.strftime("%a, %d %b %Y %H:%M:%S +0000",time.gmtime(time.time()));
Reply = "To: %s\nReply-To: %s\nDate: %s\n" % (Sender,ReplyTo,Date);
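Review bot: The lock test `string.find(GetAttr(Attrs[0],"userPassword"),"*LK*") != -1` matches the marker anywhere in the attribute, while the manual text added in this same change defines it as sitting directly after `{crypt}` and before the hash; anchoring the test to that position would keep the mail gateway consistent with what ssh and shadow are documented to honour. What GetAttr returns for an entry with no userPassword is not visible here; if it can return None, this line fails with an unrelated exception instead of the intended Error, so confirm that it yields an empty string. A comment such as `# Locked accounts (*LK* in userPassword) may not change anything by mail` would document the intent next to the check. The enclosing function starts and ends outside the hunk, so it cannot be confirmed from here that no directory modification happens before this point.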