On Tue, May 3, 2011 at 6:16 PM, Jason J. W. Williams
Are you installing from debs or gems?
Using gem_package to force installation from gems.
Are you install Chef from gems or debs?
Use “action :lock” which I failed to mention at first.
:lock will set the shadow password field to “*”?
This depends on your platform. On Linux, the account lock feature adds
an “!” to the beginning of the password field. The user can no longer
log in using this password. This does allow you to later unlock the
account and return to the previous password. On Linux, chef utilizes
"usermod -L" to lock an account, which acts this way.
I suppose you could set the password to “*” using the password
attribute. Since we’re normally writing directly to this field through
the shadow library, that may work.
Please keep in mind that neither of these options prevent login to an
account on Linux, they only prohibit login using a password. Often
people disable root login via ssh in the sshd_config and delete other
users when they are no longer needed. Alternately you could expire the
account (chage -E 1 user)