openssh ignores locked account using public key authentication

Kyle Robinson ky.robinson at gmail.com
Wed Oct 5 13:23:36 MDT 2005


> I totally agree, but it does not appear to fix this issue related to
> public key authentication in regards to locked accounts.
>
> --
> Erik R. Jensen

Looks like you're right.  For some strange reason Linux PAM doesn't
bother checking for account status in pam_acct_mgmt() where Solaris
PAM does, for exactly this sort of reason.  I wonder if there is a
patch to Linux PAM's pam_unix.so to make it work correctly for session
and account managment.



More information about the PLUG mailing list