Sometimes you need to disable user accounts (say, people enter and leave the team).
Other times, you need a fictional user just to run certain processes but that user is not a real person. This is useful for managing accesses and give the least possible amount of permissions.
These commands will lock users out of the machine in any kind of authentication (ssh-key, password-based logins, etc).
# disallow peter from logging in sudo usermod --expiredate 1 user
# set expiration date of peter to Never sudo usermod --expiredate "" peter
Force user to re-enter a password
This will expire the current password of the user, but allow them to log in after they enter a new one.
# make peter think of a new password on login sudo passwd -e YYYY-MM-DD peter