locked account accessable via pubkey auth
Kevin Steves
stevesk at pobox.com
Wed Jan 30 03:01:07 EST 2002
On Tue, 29 Jan 2002, Dost, Alexander wrote:
:maybe this is a silly question ;-) But why is it possible to login on a
:machine with a locked account (passwd -l ) via pubkey-authentication
:(authorized_keys) ?
:I use OpenSSH3.01p1on Solaris8 with PAM support so I thought this should not
:happen.
what does rlogind do under the same conditions with host equivalency
configured?
:If this is the normal behaviour and built in intentionally what would be the
:easiest way to lock an account without deleting the users authorized_keys ?
:If not, what output do you need to verify the problem ?
in the PAM case, PAM decides, via pam_acct_mgmt(). if i do ``passwd -l
user'' on HP-UX i see:
Jan 29 07:34:26 jenny sshd[2601]: PAM rejected by account
configuration[28]: Account is disabled - see Account Administrator
More information about the openssh-unix-dev
mailing list