A while ago, I implemented ssh cron jobs to automate scripts and not
use rlogin.  Everything was working fine up until the accounts were
locked via 'passwd -l'.  Now, it prompts for a password effectively
breaking the scripts.


I believe the option that may be causing this is:

KerberosAuthentication yes


Is there a way to get the script working again and still leave the
accounts locked?  My understanding is that to use SSH/SCP, you still
need a valid shell therefore /bin/nologin or /bin/false wouldn't work.

The accounts were locked for security issues (minimal account with
/bin/rksh for a shell), as well as intended to be one less account we
have to change passwords on every 90 days on upwards of 100 boxes.

Any thoughts on a way I can implement this while leaving the accounts locked?

Thanks.

-- 
-Shawn

-Nemo me impune lacessit.  Ne Obliviscaris..