PAM auth with disabled user
Darren Tucker
dtucker at zip.com.au
Sat Jan 14 12:26:25 EST 2006
On Thu, Jan 12, 2006 at 11:45:27AM -0800, Paul Moore wrote:
> Our test was with 4.1p1
>
> I see that you display a message (if set). But then you proceed to
> repromt even though the pam module returned a disabled error code.
>
> I guess you are saying that the PAM module must tell the user they are
> disabled.
Yes. As a general rule, sshd tries to give the client no indication as
to why an authentication failed. If you want to PAM to provide some
information to the client then you can, but you need to configure PAM
to do so.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list