locked account accessible via pubkey auth
Frank Cusack
fcusack at fcusack.com
Thu Jan 31 12:42:18 EST 2002
On Wed, Jan 30, 2002 at 05:02:37PM -0800, Darren Moffat wrote:
> New in Solaris 9 is pam_unix_account(5) which says:
>
> pam_unix_account provides functionality to the PAM account
> management stack. The function pam(3PAM) function retrieves
> password aging information from the repositories specified
> in nsswitch.conf(4), and verifies that the user's account
> and password have not expired.

hmm... This seems broken. If I want a certain service to check pam_unix,
I list it in pam.conf. Instead, I'm now supposed to call pam_unix_account()
specifically? Is pam_unix_account() somehow different than the normal
pam account mgmt w/ pam_unix in pam.conf? The intent of this (AFAICT) is
so that an app can always check against pam_unix, regardless of what's in
pam.conf -- broken. Sorry, this is getting OT.

Oh, there's a typo in that man page, it looks like it should read
"The function pam_unix_account(3PAM)". :-)

> passwd(1)'s description of the -l flag does still say:
> -l Locks password entry for name.
>
>
> Note that it doesn't say it locks the password; it says locks the "password
> entry", implying it disables access to the account. I agree this could
> be clearer - I'll see what I can do about getting it changed.
Do you know if a patch will be available for Solaris 8?
/fc