bugzilla-daemon at mindrot.org
2002-Jun-14 18:56 UTC
[Bug 278] ssh allows auto login even if account is locked
http://bugzilla.mindrot.org/show_bug.cgi?id=278

Darren.Moffat at Sun.COM changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX

------- Additional Comments From Darren.Moffat at Sun.COM  2002-06-15 04:56 -------
This happens because sshd with public-key login does not call pam_authenticate, but does call pam_acct_mgmt. In the pam_unix.so module that is shipped in Solaris 8 there is no explicit account locked check. This has been fixed in Solaris 9 and a fix for Solaris 8 is currently underway.

OpenSSH is not broken in any way, this is a Solaris bug that only appears when PAM applications call pam_acct_mgmt without having first called pam_authenticate.

In the meantime a workaround would be to write a simple pam module that stacks above or below pam_unix that checks for the string *LK* in sp->spwdp for the user defined in PAM_USER.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
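The workaround described in the comment above, written as an account-management PAM module. This is an added example, not code from the bug report, OpenSSH or Solaris. The file name `pam_lkcheck.c`, the `BUILD_PAM_MODULE` macro, the helper names, the build command and the prefix match on `*LK*` are assumptions, and the prototypes follow Linux-PAM headers, so const qualifiers may need adjusting on other PAM implementations.

```c
/* pam_lkcheck.c - added example, not from the bug report or OpenSSH.
 * Build as a module (assumed command, Linux-PAM style headers):
 *   cc -fPIC -shared -DBUILD_PAM_MODULE -o pam_lkcheck.so pam_lkcheck.c -lpam
 */
#define _DEFAULT_SOURCE
#include <shadow.h>
#include <stddef.h>
#include <string.h>

#define LOCK_MARKER "*LK*"   /* lock string named in the comment above */

/* 1 if the shadow password field carries the lock marker, else 0.
 * Prefix match (an assumption) also catches "*LK*" followed by a saved hash.
 * A missing field is treated as locked so the check fails closed. */
int shadow_field_is_locked(const char *sp_pwdp)
{
    if (sp_pwdp == NULL)
        return 1;
    return strncmp(sp_pwdp, LOCK_MARKER, strlen(LOCK_MARKER)) == 0;
}

/* 1 locked, 0 not locked, -1 no shadow entry visible for this user. */
int account_is_locked(const char *user)
{
    struct spwd *sp = getspnam(user);
    if (sp == NULL)
        return -1;
    return shadow_field_is_locked(sp->sp_pwdp);
}

#ifdef BUILD_PAM_MODULE
#include <security/pam_appl.h>
#include <security/pam_modules.h>

/* Account-management hook: pam_acct_mgmt is the call sshd still makes after
 * a public-key login, so the lock check lives here, not in authentication. */
int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    const void *item = NULL;
    (void)flags; (void)argc; (void)argv;

    if (pam_get_item(pamh, PAM_USER, &item) != PAM_SUCCESS || item == NULL)
        return PAM_USER_UNKNOWN;
    switch (account_is_locked((const char *)item)) {
    case 1:  return PAM_PERM_DENIED;  /* locked: refuse the session */
    case 0:  return PAM_SUCCESS;
    default: return PAM_IGNORE;       /* no local shadow entry: defer to the stack */
    }
}
#endif
```

The module belongs in the `account` stack of the sshd PAM service, above or below pam_unix as the comment suggests, and needs to run with enough privilege to read the shadow database.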