Bug#219377: Debian bug #219377: further info

To: 219377@bugs.debian.org, Phillip Hofmeister <plhofmei@zionlth.org>
Subject: Bug#219377: Debian bug #219377: further info
From: Darren Tucker <dtucker@zip.com.au>
Date: Sun, 09 Nov 2003 17:38:09 +1100
Message-id: <[🔎] 3FADE0D1.C156596C@zip.com.au>
Reply-to: Darren Tucker <dtucker@zip.com.au>, 219377@bugs.debian.org

Hi.
	I have some further info regarding the Debian bug you reported ("sshd
ignores PAM lockout when using pubkey auth").

	Recently this was addressed in the upstream source (3.7p1 and up) for the
non-PAM case.  On platforms that have a concept of a locked account, sshd
checks for the specific string that denotes a locked account on that
platform.

	When running with PAM enabled, however, sshd delegates all account checks
to PAM.  Thus the locked account check should be done by PAM (probably in
pam_acct_mgmt).

	Later patchlevels of Solaris do this kind of check in PAM (I think in
pam_acct_mgmt, but I'm not sure of that).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Reply to:

Prev by Date: PROTECT YOUR CHILDREN From Offensive Language On Your TV With ProtecTV...isolde
Next by Date: Bug#219844: openssh: [wishlist] Please include updated Brazilian Portuguese (pt_BR) debconf template translations
Previous by thread: PROTECT YOUR CHILDREN From Offensive Language On Your TV With ProtecTV...isolde
Next by thread: Bug#219844: openssh: [wishlist] Please include updated Brazilian Portuguese (pt_BR) debconf template translations
Index(es):
- Date
- Thread