Bug#219377: SSHd: Ignores Pam Lockout When using SSH PubKey Auth
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 06 Nov 2003 at 05:09:48AM -0500, Matthew Vernon wrote:
> This is trivially true - all passwd -l does it make the password field
> in the {shadow,passwd} file be a value that nothing encrypts to, thus
> preventing successful password authentication.
>
> If a user is using publickey authentication, then no password check is
> made (that's rather the point) - therefore it will be impossible to
> disable access by simply fiddling with the password file.
>
> Accordingly, if a sysadmin wants to be able to disable accounts using
> passwd -l, then they'll have to enforce password authentication on all
> logins.
Actually, using passwd -l adds a ! to the front of the password hash
which is easily detected. In fact, passwd -S can detect this:
smeister L 05/29/2003 5 180 28 30
So I believe this is definitely something that is doable without forcing
passwords for every login.
- --
Phillip Hofmeister
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
- --
Excuse #187: Fanout dropping voltage too much try cutting some of those little traces
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/qiIsS3Jybf3L5MQRAlG9AJwOIPMRrWTlnw0LxSwzQ3Ncx3JjEgCdGyOR
SEJufigXSn53Y6dXMbHiy6A=
=YpHt
-----END PGP SIGNATURE-----
Reply to: