|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Les Mikesell (les
futuresource.com)
Date: Wed Oct 08 2008 - 11:54:15 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dan Yefimov wrote:
>
>>> No, I miss nothing here. Whatever prefix password hash begins with, if
>>> the password hash derived from the string obtained from the user isn't equal to
>>> what is contained in shadow, access is denied, no matter why. Prefix
>>> differences among different systems is unimportant here.
>> But that has to do with authentication, not whether the account is locked.
>
> "Locking an account" here means "invalidating password hash". So effectively
> that means "disabling password authentication for account", nothing more.
That would make sense if the password file was the one and only way to
authenticate so you could usurp the concept to control the account - but
it isn't when you use PAM...
--
Les Mikesell
lesmikesellgmail.com
_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://www.redhat.com/mailman/listinfo/pam-list
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]