Omitting Users from the Local Password Files
An invalid password entry in the passwd_override file prohibits users from logging into the machine on which the file exists. However, the invalid entry OMIT has a special meaning. Just as with any other invalid password, if you enter OMIT, the user cannot log in. Additionally, however, if you maintain the standard /etc/passwd and /etc/group files and used the passwd_export command to keep these files consistent with the registry database, you can specify that users with a password of OMIT be excluded from the /etc/passwd file. (See Ensuring Consistent Local Files for more information on the passwd_export command.)
Also, be aware that, if you have omitted users from the /etc/passwd file, information about those users is not available to any programs that use the password file. For example, the ls -l and the finger commands both access the password file to obtain further information about a user identified by a UNIX ID. If the user is omitted, no password entry exists and no information is available on that user.