# Possible to deny all NIS users from login?



## littlesandra88 (Apr 22, 2013)

Hello all 

In the handbook it is explained how to prevent specific NIS users from logging in. Is it possible to deny all NIS users from logging in?

This is what I have done:

```
echo 'nisdomainname="example"' >> /etc/rc.conf
echo 'nis_client_enable="YES"' >> /etc/rc.conf

echo "+:::::::::" >> /etc/master.passwd
echo "+:*::" >> /etc/group
pwd_mkdb -p /etc/master.passwd

/etc/netstart
/etc/rc.d/ypbind start
```

Hugs,
Sandra


----------



## cpm@ (Apr 22, 2013)

See section *COMPAT SUPPORT* in passwd(5) man page. Also read /var/yp/Makefile.dist.


----------



## pboehmer (Apr 23, 2013)

Just append /usr/sbin/nologin to your NIS entry in /etc/master.passwd


```
+:::::::::/usr/sbin/nologin
```


----------



## littlesandra88 (Apr 23, 2013)

Very nice =) Thanks =)

I had to do both


```
echo "+:::::::::/usr/sbin/nologin" >> /etc/master.passwd
echo "AllowUsers root sandra" >> /etc/ssh/sshd_config
```

before sshd would deny login. With just the nologin it would login and then logout right away.


----------

