unexpected change in "locked account" behaviour
Darren Tucker
dtucker at zip.com.au
Fri Sep 26 06:55:14 EST 2003
Dan Astoorian wrote:
> The affected accounts were those with "*LK*" in the shadow file's
> password field (and my actual problem was that I had "*LK*" where I
> should have had "NP").
>
> I believe the reason for the behaviour change is the change of the
> default for options.use_pam. The reason I find this particularly
> strange is that USE_PAM is not even #defined (e.g., UsePam cannot be
> specified in sshd_config).
In 3.7p1 and 3.7.1p1, if sshd was compiled without USE_PAM,
options.use_pam would still end up being set, even though almost all of
the code that used it was #ifdef'ed out. The code you quoted still
checked it.
> Is this a known behaviour?
Yes. The behaviour of 3.7p1 and 3.7.1p1 (ie not checking) when compiled
without PAM was a bug.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list