locked account accessable via pubkey auth
Damien Miller
djm at mindrot.org
Wed Jan 30 15:39:38 EST 2002
On Tue, 29 Jan 2002, Frank Cusack wrote:
> On Tue, Jan 29, 2002 at 08:48:51AM -0600, Albert Chin wrote:
> > On Tue, Jan 29, 2002 at 12:56:55PM +0100, Dost, Alexander wrote:
> > > maybe this is a silly question ;-) But why is it possible to login on a
> > > machine with a locked account (passwd -l ) via pubkey-authentication
> > > (authorized_keys) ?
> > > I use OpenSSH3.01p1on Solaris8 with PAM support so I thought this should not
> > > happen.
> >
> > Check the list archives and you'll find others with the same problem.
> > Noone has turned up a solution with Solaris 8/PAM yet.
>
> huh.. This is definitely a bug; probably in the Solaris PAM libs. I can
> look into this, unfortunately not within a day or so.
I don't think it is a bug even. Having accounts with locked passwords, but
still accessible via pubkey auth is a very useful thing.
-d
More information about the openssh-unix-dev
mailing list