/etc/passwd shell setting for NFS authentication

Status
Not open for further replies.

Wonboodoo

MIS
Nov 13, 2002
187
US
Hi all,

I want users to be able to NFS mount a directory that's on a Solaris server, but I don't want them to be able to log in (and run a shell) on that Solaris server. They are mounting it from their Windows PC (using Hummingbird's NFS client and running a pcnfsd daemon on the Solaris server).

I tried setting the shell field in /etc/passwd to /bin/false (or /bin/true) for these users, but then the NFS authentication fails. The authentication only seems to work when I put a valid shell (/bin/sh, say) in the shell field of /etc/passwd, but then of course they can log in and be running the shell.

What do I need to do to allow the authentication to work but prevent a shell from running if they telnet/ssh?
 
I figured it out by looking at the source code for pcnfsd. It's checking that the last two letters of the user's shell are "sh". So doing the following works:
ln -s /bin/false /usr/local/bin/nosh
then setting the user's shell to /usr/local/bin/nosh.
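
An added example, not part of the original posts and not pcnfsd's own code: a passwd audit that applies the "ends in sh" check as the post describes it and reports which accounts are NFS-only through a symlink like nosh. The function names and sample accounts are constructed for illustration, and `readlink -f` is assumed to be available.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not taken from pcnfsd.

# The check as the post describes it: shell path must end in "sh".
passes_pcnfsd_check() {
    case "$1" in *sh) return 0 ;; *) return 1 ;; esac
}

# True if the path, after following symlinks, is a binary named false or true.
is_nologin_target() {
    target=$(readlink -f "$1" 2>/dev/null) || return 1
    case "$(basename "$target")" in false|true) return 0 ;; *) return 1 ;; esac
}

# nfs-only: passes the suffix check but cannot start a shell
# interactive: passes the suffix check, treated as a real login shell
# nfs-blocked: fails the suffix check, so pcnfsd authentication fails
classify_shell() {
    if ! passes_pcnfsd_check "$1"; then echo nfs-blocked
    elif is_nologin_target "$1"; then echo nfs-only
    else echo interactive
    fi
}

# Print "user shell class" for every entry of a passwd-format file.
audit_passwd() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$user" ] || continue
        printf '%s %s %s\n' "$user" "$shell" "$(classify_shell "$shell")"
    done < "$1"
}

# Constructed sample data in directory $1: a stand-in for /bin/false,
# a "nosh" symlink like the post's ln -s, and three made-up accounts.
make_sample() {
    : > "$1/false"
    ln -s "$1/false" "$1/nosh"
    cat > "$1/passwd" <<EOF
alice:x:1001:100::/home/alice:/bin/sh
bob:x:1002:100::/home/bob:$1/false
carol:x:1003:100::/home/carol:$1/nosh
EOF
}

demo=$(mktemp -d) && make_sample "$demo" && audit_passwd "$demo/passwd"
rm -rf "$demo"
```

Running `audit_passwd /etc/passwd` on the server lists any account still classed as interactive that was meant to be NFS-only.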
 
We tried to use the Solaris user accounts on the local host and tried to verify the account/password expiry feature (password aging), and it works satisfactorily. However, when the same username and password is being used by the remote dial-in user to log in to the network through a RADIUS (Steel Belted Radius - Funk applied time of the day profiles), it allows the user to log in even when the same account on the local host has expired.

Please, I think that the Unix user account settings are not carried all the way to the remote dial-in end user. Please treat and advise further. We need to have the user accounts configured in a way that the remote dial-in user account/password must expire (thus rejecting the user), the same way it is happening on the local Solaris account. Do we need to create a different type of account for such users? Please comment. An early response is highly appreciated.

Thanks in Anticipation.
 