nologin not working with openssh >= 4.3 and authentication != password
Michael Weiser
michael at weiser.dinsnail.net
Tue Jan 9 04:25:53 EST 2007
On Tue, Jan 09, 2007 at 03:35:57AM +1100, Darren Tucker wrote:
> > file into /etc. This only worked for logins that use the password
> > authentication mechanism. publickey-based authentications still
> sshd uses the PAM auth stack for password or challenge-response (aka
> kbdint) authentications but uses the account and session stacks for all
> authentication methods.
> > Is this a known issue or even a non-issue due to a misunderstanding on
> > my part?
> Do you have pam_nologin in the auth stack only in the PAM config file?
Yes, exactly.
> I suspect that you just need to add pam_nologin to the account stack.
Thanks, that did it. The Gentoo sshd pam config seems to be broken that
way. I'll open a bug with them.
Thanks for your help and sorry for the (perhaps) FAQ.
--
bye, Micha
More information about the openssh-unix-dev
mailing list