Locked account checks and PAM
Damien Miller
djm at mindrot.org
Tue Aug 26 14:04:11 EST 2003
Darren Tucker wrote:
> Hi All.
> I (actually the tinderbox[1]) found a problem with the fix for bug #422:
> when PAM is enabled on a platform that uses /etc/shadow, the variable
> "passwd" in auth.c is used uninitialized.
>
> There's a simple patch attached to fix this.
>
> The question is: should the locked account test be done when PAM is
> enabled or should we rely on PAM to do the right thing? In theory they
> should behave the same way, but ISTR that in some patchlevels of Solaris
> PAM did not check for this.
If PAM is enabled, it is PAM's responsability.
-d
More information about the openssh-unix-dev
mailing list