[Bug 1188] keyboard-interactive should not allow retry after pam_acct_mgmt fails

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed May 3 12:44:10 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=1188

           Summary: keyboard-interactive should not allow retry after
                    pam_acct_mgmt fails
           Product: Portable OpenSSH
           Version: -current
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: PAM support
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: dtucker at zip.com.au
OtherBugsDependingO 1155
             nThis:


Because each keyboard-interactive attempt is effectively
self-contained, when the PAM account check fails, the user is
reprompted, even though they can never possible succeed (since
do_pam_account() caches the result).  Eg:

$ ssh localhost
Password:
Your account has expired; please contact your system administrator

Password:

sshd should prevent further keyboard-interactive attempts if the PAM
account check fails.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list