What program is commonly used to lock out users on a Linux system?

The correct choice is associated with the Pluggable Authentication Module (PAM), which is a framework that allows the system administrator to set up authentication for applications in a flexible way. In the context of user account management, PAM plays a significant role in controlling user access, including locking out user accounts.

When a user account needs to be locked out — for instance, following a certain number of failed login attempts or as part of a security policy — PAM can be configured to enforce these rules. This is done via PAM modules that handle authentication and account management. One such module is pam_tally2, which can keep track of login attempts and lock accounts as necessary.

The other choices are relevant to user management but serve different functions. For instance, the SSH daemon (sshd) is primarily responsible for handling SSH connections, while userdel is a command used to remove user accounts from the system. The passwd command, on the other hand, is typically used to change a user's password and can also be used to lock or unlock accounts with specific options (like passwd -l to lock a user). However, PAM is specifically designed for managing authentication policies and user access, making it the most comprehensive answer for locking out users