Just execute a "change query" to change the exiled user's "password" field (which is actually encrypted) to something in clear text, e.g., "banned for 2 weeks per so-and-so" -- which effectively prevents the user from logging in.
Won't the user be able to request a new password?
Regards,
Erik