On Mon, May 16, 2005 at 08:22:26AM +1000, Brian May wrote: > >>>>> "Steve" == Steve Langasek <vorlon@debian.org> writes: > Steve> It does, if you use the authorization checks in PAM. If > Steve> you only use the authentication checks, then PAM is only > Steve> going to authenticate the user -- not check whether they're > Steve> allowed access. > When you say "authorization checks" vs "authentication checks" what do > you mean? > PAM has the following sections "auth", "account", "password", > "session". All of these are configured by default on Debian. The > implication I got when reading Marc's post (or did I read too much > into it?) is if ssh is configured to use PAM and if you use RSA based > authentication, it won't detect if the account is locked. > I fail to see where terms like "authorization" and "authentication" > fit into its configuration scheme. The PAM "auth" section is for authentication, and the "account" section is for (account) authorization. -- Steve Langasek postmodern programmer
Attachment:
signature.asc
Description: Digital signature