locking accounts when non-password authentication
Philip Hands
phil at hands.com
Wed Nov 24 10:47:47 EST 1999
Hi,
Its been pointed out to me that the old non-free ssh took notice of
locked accounts, in that it checked for passwords that started with
``*LK*'' and prevented RSA authenticated logins if that was the case.
It strikes me that there ought to be a way of checking this using PAM,
but I've failed to find it.
Failing that, it looks like we need to put some code in sshd.c or some
of the auth-*.c files to deal with /etc/shadow passwords, and check
them to see if they start with ``*LK*''.
Cheers, Phil.
More information about the openssh-unix-dev
mailing list