Locked account and logging in with public key

Osmo Paananen osmo.paananen at sonera.inet.fi
Thu Nov 14 00:46:16 EST 2002

Darren J Moffat wrote:

>On Tue, 12 Nov 2002, Osmo Paananen wrote:
>>I'm using Openssh v3.5p1 with Solaris 8 compiled with pam support enabled.
>>It seems that if I use public key authentication I can log in to an
>>account that is locked (/etc/shadow has *LK* as password).
>>Login is also allowed even if the user does not have a valid shell.
>>Is this a bug or am I missing something
>It is a Solaris 8 bug that was fixed in Solaris 9 (Sun BugId: 4506972)
>when pam_unix was broken into smaller modules.
I don't believe that this is a Solaris 8 issue.  The behavior seems to 
be identical in Solaris 2.6.
If account has *LK* as password login is allowed when using public key 

Could this be a configuration issue?

snippet from my (Sol 2.6) pam.conf:

other   auth required   /usr/lib/security/pam_unix.so.1
other   account required        /usr/lib/security/pam_unix.so.1
other   session required        /usr/lib/security/pam_unix.so.1
other   password required       /usr/lib/security/pam_unix.so.1

More information about the openssh-unix-dev mailing list