locked account accessable via pubkey auth
Frank Cusack
fcusack at fcusack.com
Thu Jan 31 11:24:47 EST 2002
On Wed, Jan 30, 2002 at 11:23:31AM -0500, Nicolas Williams wrote:
> Leave things as they are please - do not add a check to see if the
> password field in the shadow entry is *LK*, that would not be generally
> useful (think: what if you're using only Kerberos for password
> validation?).
I have to agree with Nico here, don't try to second guess the system
designers. On Solaris (up to 8, anyway), it seems that 'passwd -l' is
NOT intended to lock the account. Those that want other behaviour should
take it up with the vendor (or switch vendors).
FWIW, I do think this is a "bug" in that it really should lock the account.
Apparently, Sun thinks so also (as Darren points out).
/fc
More information about the openssh-unix-dev
mailing list