unexpected change in "locked account" behaviour

Darren Tucker dtucker at zip.com.au
Fri Sep 26 06:55:14 EST 2003

Dan Astoorian wrote:
> The affected accounts were those with "*LK*" in the shadow file's
> password field (and my actual problem was that I had "*LK*" where I
> should have had "NP").
> I believe the reason for the behaviour change is the change of the
> default for options.use_pam.  The reason I find this particularly
> strange is that USE_PAM is not even #defined (e.g., UsePam cannot be
> specified in sshd_config).

In 3.7p1 and 3.7.1p1, if sshd was compiled without USE_PAM,
options.use_pam would still end up being set, even though almost all of
the code that used it was #ifdef'ed out.  The code you quoted still
checked it.

> Is this a known behaviour?

Yes.  The behaviour of 3.7p1 and 3.7.1p1 (ie not checking) when compiled
without PAM was a bug.

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list