Locked account and logging in with public key
Osmo Paananen
osmo.paananen at sonera.inet.fi
Thu Nov 14 00:46:16 EST 2002
Darren J Moffat wrote:
>On Tue, 12 Nov 2002, Osmo Paananen wrote:
>
>>I'm using Openssh v3.5p1 with Solaris 8 compiled with pam support enabled.
>>It seems that if I use public key authentication I can log in to an
>>account that is locked (/etc/shadow has *LK* as password).
>>Login is also allowed even if the user does not have a valid shell.
>>Is this a bug or am I missing something
>>
>
>It is a Solaris 8 bug that was fixed in Solaris 9 (Sun BugId: 4506972)
>when pam_unix was broken into smaller modules.
>
I don't believe that this is a Solaris 8 issue. The behavior seems to
be identical in Solaris 2.6.
If account has *LK* as password login is allowed when using public key
authentication.
Could this be a configuration issue?
snippet from my (Sol 2.6) pam.conf:
other auth required /usr/lib/security/pam_unix.so.1
other account required /usr/lib/security/pam_unix.so.1
other session required /usr/lib/security/pam_unix.so.1
other password required /usr/lib/security/pam_unix.so.1
More information about the openssh-unix-dev
mailing list