Linux locked accounts and PAM
Max Bowsher
maxb at f2s.com
Thu Oct 2 20:51:59 UTC 2008
Hi,
"Traditional" (pre-PAM) Linux software, like the 'shadow' package
providing tools such as /usr/bin/passwd, and OpenSSH in non-PAM mode
support the concept of a "locked" account being one whose crypted
password field starts with a "!" character.
In particular, an account "locked" in this fashion becomes ineligible
for ssh logins by public key, as well as by password, when used in this
manner, when OpenSSH is not using PAM.
I'd quite like to make use of this feature even when OpenSSH *is* using
PAM. Is there any existing way to configure PAM to respect this convention?
If not, would it be sensible to add it to the pam_unix
account-management module?
Thanks,
Max.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/pam-list/attachments/20081002/1287cec5/attachment.sig>
More information about the Pam-list
mailing list