Filter
Top Products
104 Chapter 8 Working with Users and Groups
3 Authenticate as an administrator by entering the following command, replacing
adminusername with an administrator’s user name, and entering that administrator’s
password when prompted:
> auth
adminusername
4 Delete the user account by entering the following command, replacing ajohnson with
the user account’s short name:
> delete
ajohnson
5 Quit dscl by entering:
> quit
A user account usually has a matching group of the same name. See “Removing a
Group Account” on page 112, for information about deleting this group.
Revoking a User’s Right to Access His or Her Account
There are times when it is necessary to revoke a user’s ability to access the computer.
This involves preventing the user from logging in and then terminating all of the user’s
processes. This can be done by forcing the user to log out and then killing any
remaining processes, or by just killing all of the user’s processes.
To prevent a user from logging in:
1 Start the dscl tool in interactive mode, specifying the computer you are using as the
source of directory service data:
$ dscl localhost
>
2 Change the current folder to /LDAPv3/ipaddress/Users by entering the path at the
prompt:
> cd /LDAPv3/
ipaddress
/Users
Replace
ipaddress
with the IP address of your directory server. If using a NetInfo
directory domain, enter cd /NetInfo/root/Users at the prompt.
3 Authenticate as an administrator by entering the following command, replacing
adminusername with your administrator user name, and entering your administrator
password when prompted:
> auth
adminusername
4 Quit dscl by entering:
> quit
5 Disable the user account by entering the following command:
$ pwpolicy -a
diradmin
-u
ajohnson
-setpolicy “isDisabled=1”
Replace ajohnson with the short name of the user account and replace diradmin with
the short name of your domain administrator account.