Steps used to disable a user in the Online Linux Pool:

(will use "exileduser" as the username for examples)

in SKM, toggle the user to disabled

on onlldap (update as of December 1, 2020: this is now on onlcs instead of onlldap(TBC)):

• change the user's login shell to /sbin/nologin (either in Webmin or with the chsh command, "chsh -s /sbin/nologin exileduser")
• chage -E 0 exileduser

on an OLP machine with access to ceph:

• tar user's home directory into ceph (cd /ldaphome; tar cjf /ceph/OLP-user-archive/exileduser.tar.bz exileduser; [if no error in the tar, then] rm -rf exileduser)

There could be circumstances in which the user's home directory should not be removed so that others can access its contents, but that is rare.  If it is requested to maintain a disabled user's home directory, it is generally acceptable to do so, but should be avoided by moving the desired content to another directory if possible, or archiving the exiled user's files and keeping only what is needed by other users.