Using passwd to lock user accounts

You could also lock Katelyn's account with:

sudo passwd -l katelyn

This does the same job as usermod -L, but in a slightly different manner. For one thing, passwd -l will give you some feedback about what's going on, where usermod -L gives you no feedback at all. On Ubuntu, the feedback looks like this:

donnie@ubuntu-steemnode:~$ sudo passwd -l katelyn
[sudo] password for donnie:
passwd: password expiry information changed.
donnie@ubuntu-steemnode:~$

On CentOS, the feedback looks like this:

[donnie@localhost ~]$ sudo passwd -l katelyn
Locking password for user katelyn.
passwd: Success
[donnie@localhost ~]$

Also, on the CentOS machine, you'll see that passwd -l places two exclamation points in front of the password hash, instead of just one. Either way, the effect is the same.

To unlock Katelyn's account, just do:

sudo passwd -u katelyn

In versions of Red Hat or CentOS prior to version 7, usermod -U would remove only one of the exclamation points that passwd -l places in front of the shadow file password hash, thus leaving the account still locked. No big deal, though, because running usermod -U again would remove the second exclamation point.

In Red Hat or CentOS 7, it has been fixed. The passwd -l command still places two exclamation points in the shadow file, but usermod -U now removes both of them. (That's a shame, really, because it ruined a perfectly good demo that I like to do for my students.)