locked account accessible via pubkey auth
Damien Miller
djm at mindrot.org
Tue Jan 29 23:15:48 EST 2002
On Tue, 29 Jan 2002, Dost, Alexander wrote:
> maybe this is a silly question ;-) But why is it possible to
> login on a machine with a locked account (passwd -l ) via
> pubkey-authentication (authorized_keys) ? I use OpenSSH 3.01p1 on
> Solaris 8 with PAM support so I thought this should not happen.
>
> If this is the normal behaviour and built in intentionally what
> would be the easiest way to lock an account without deleting the
> user's authorized_keys ? If not, what output do you need to verify
> the problem ?
"Locking" an account is really locking the password; since you
are not using password authentication, this is ignored.
A way that should work is to mark the account as expired, or
just rename the ~/.ssh/authorized_keys file.
-d
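
An audit for the situation described in this thread, added here as an example and not part of the original message or of OpenSSH: it lists accounts whose password is locked but that still have a usable authorized_keys file and no expiry date in the past. The function names, the ROOT argument, the lock markers checked (`!` prefix and `*LK*`) and the fixture accounts are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Lists accounts whose password is locked but which can still
# log in with a key: authorized_keys is non-empty and the account is not expired.
# Usage: locked_with_keys SHADOW PASSWD [ROOT]; ROOT is prepended to home
# directories (assumption, so the check can run against a fixture tree).
locked_with_keys() {
    shadow=$1; passwd=$2; root=${3:-}
    today=$(( $(date +%s) / 86400 ))    # shadow expiry field is days since epoch
    while IFS=: read -r user hash lastchg min max warn inact expire flag; do
        case $hash in
            '!'*|'*LK*'*) ;;            # locked-password markers (assumed set)
            *) continue ;;
        esac
        # Expired accounts are skipped: expiry is the mitigation the reply suggests.
        if [ -n "$expire" ] && [ "$expire" -le "$today" ]; then continue; fi
        home=$(awk -F: -v u="$user" '$1 == u { print $6 }' "$passwd")
        [ -n "$home" ] || continue
        if [ -s "$root$home/.ssh/authorized_keys" ]; then printf '%s\n' "$user"; fi
    done < "$shadow"
}

# Constructed fixture: four made-up accounts under directory $1.
make_fixture() {
    mkdir -p "$1/home/alice/.ssh" "$1/home/bob/.ssh" "$1/home/carol/.ssh" "$1/home/dave"
    cat > "$1/shadow" <<'EOF'
alice:!$6$constructed:19000:0:99999:7:::
bob:*LK*:19000:0:99999:7::1:
carol:$6$constructed:19000:0:99999:7:::
dave:!$6$constructed:19000:0:99999:7:::
EOF
    for u in alice bob carol dave; do
        printf '%s:x:1000:1000::/home/%s:/bin/sh\n' "$u" "$u"
    done > "$1/passwd"
    for u in alice bob carol; do
        echo 'ssh-ed25519 CONSTRUCTED-KEY' > "$1/home/$u/.ssh/authorized_keys"
    done
}

tmp=$(mktemp -d)
make_fixture "$tmp"
locked_with_keys "$tmp/shadow" "$tmp/passwd" "$tmp"    # prints: alice
rm -rf "$tmp"
```

On a real host the first two arguments would be the system shadow and passwd files, read as root, with ROOT left empty.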