[Bug 278] ssh allows auto login even if account is locked
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sat Jun 15 04:56:12 EST 2002
http://bugzilla.mindrot.org/show_bug.cgi?id=278
Darren.Moffat at Sun.COM changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX
------- Additional Comments From Darren.Moffat at Sun.COM 2002-06-15 04:56 -------
This happens because sshd with public-key login does not call pam_authenticate,
but does call pam_acct_mgmt. In the pam_unix.so module that is shipped in
Solaris 8 there is no explicity account locked check.
This has been fixed in Solaris 9 and a fix for Solaris 8 is currently underway.
OpenSSH is not broken in anyway, this is a Solaris bug that only appears
when PAM applications call pam_acct_mgmt without having first called
pam_authenticate.
In the mean time a workaround would be to write a simple pam module that stacks
above or below pam_unix that checks for the string *LK* in sp->spwdp for the
user defined in PAM_USER.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-unix-dev
mailing list