[Bug 1188] keyboard-interactive should not allow retry after pam_acct_mgmt fails
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed May 3 12:44:10 EST 2006
http://bugzilla.mindrot.org/show_bug.cgi?id=1188
Summary: keyboard-interactive should not allow retry after
pam_acct_mgmt fails
Product: Portable OpenSSH
Version: -current
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: bitbucket at mindrot.org
ReportedBy: dtucker at zip.com.au
OtherBugsDependingO 1155
nThis:
Because each keyboard-interactive attempt is effectively
self-contained, when the PAM account check fails, the user is
reprompted, even though they can never possible succeed (since
do_pam_account() caches the result). Eg:
$ ssh localhost
Password:
Your account has expired; please contact your system administrator
Password:
sshd should prevent further keyboard-interactive attempts if the PAM
account check fails.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list