OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Linux locked accounts and PAM

From: Max Bowsher (maxbf2s.com)
Date: Thu Oct 02 2008 - 15:51:59 CDT


Hi,

"Traditional" (pre-PAM) Linux software, like the 'shadow' package
providing tools such as /usr/bin/passwd, and OpenSSH in non-PAM mode
support the concept of a "locked" account being one whose crypted
password field starts with a "!" character.

In particular, an account "locked" in this fashion becomes ineligible
for ssh logins by public key, as well as by password, when used in this
manner, when OpenSSH is not using PAM.

I'd quite like to make use of this feature even when OpenSSH *is* using
PAM. Is there any existing way to configure PAM to respect this convention?

If not, would it be sensible to add it to the pam_unix
account-management module?

Thanks,
Max.

_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://www.redhat.com/mailman/listinfo/pam-list