
Re: pam_nologin as account module



On Sun, Jan 20, 2002 at 04:37:19PM -0500, Sam Hartman wrote:

> I've gotten several Debian bug reports that pam_nologin should be an
> account module so it works better with ssh.  The problem is that if
> you have RSA auth or Kerberos auth with ssh, the pam_authenticate call
> is skipped, so if pam_nologin is in the auth stack, then it will be
> ignored.

> Clearly making pam_nologin be an account module is wrong because doing
> so would cause it to wait until after the password is entered for
> login applications.  What about allowing pam_nologin to be both an
> account and auth module?  Would this be acceptable?

I've commented before that many of the modules that ship as auth-only 
would also be very useful as account modules; I never heard any 
objections to that idea, it just seemed to be a question of writing the 
code.

Steve Langasek
postmodern programmer
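
An added example, not part of the original thread: a shell check that reports which stacks of a PAM service file call pam_nologin and flags the auth-only placement described above. The function names and sample files are constructed for illustration; it assumes a pam_nologin that provides the account type as proposed in the message, and it does not follow `@include` or `substack` lines.

```shell
#!/bin/sh
# Added example: find out whether a PAM service file runs pam_nologin in the
# auth stack, the account stack, or both. Included files are not followed.

# nologin_stacks FILE -> prints "auth", "account", "auth account" or "none"
nologin_stacks() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            type = $1
            sub(/^-/, "", type)                 # "-auth" marks an optional module
            for (i = 2; i <= NF; i++)           # control may be a bracketed list
                if ($i ~ /(^|\/)pam_nologin\.so$/) seen[type] = 1
        }
        END {
            out = ""
            if (seen["auth"])    out = "auth"
            if (seen["account"]) out = (out == "" ? "account" : out " account")
            print (out == "" ? "none" : out)
        }
    ' "$1"
}

# check_service FILE -> exit status 0 only if the account stack runs pam_nologin
check_service() {
    case "$(nologin_stacks "$1")" in
        *account*) echo "$1: ok, nologin enforced in the account stack"; return 0 ;;
        auth)      echo "$1: WARNING, nologin only in auth (skipped when pam_authenticate is not called)"; return 1 ;;
        *)         echo "$1: WARNING, pam_nologin not referenced"; return 1 ;;
    esac
}

# Constructed sample service files (not taken from any real system)
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample: nologin in auth only' \
    'auth     requisite  pam_nologin.so' \
    'auth     required   pam_unix.so' \
    'account  required   pam_unix.so' > "$demo_dir/auth_only"
printf '%s\n' 'auth     requisite  pam_nologin.so' \
    'auth     required   pam_unix.so' \
    'account  required   pam_nologin.so' \
    'account  required   pam_unix.so' > "$demo_dir/both"
check_service "$demo_dir/auth_only" || true
check_service "$demo_dir/both"
```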


