PAM auth with disabled user
Darren Tucker
dtucker at zip.com.au
Wed Jan 11 20:11:38 EST 2006
On Tue, Jan 10, 2006 at 01:50:52PM -0800, Paul Moore wrote:
> Is it intentional that password auth using PAM continues trying to log
> on (giving password 3 prompts) in the case that a user is disabled (so
> that pam_account returns an error code).
>
> It can be argued both ways (saying 'you are disabled' is giving out too
> much information, making it look like you are entering the wrong
> password confuses and frustrates the user)
Which version are you looking at? The last couple of versions will send
the output from PAM to the client under most conditions, and there are
a couple of fixes in the current development version that should fix
the remaining cases (those will be in the next release).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list