bin/112574: sshd(8) ignores nologin(5) if using PAM and public
key
Yar Tikhiy
yar at comp.chem.msu.su
Fri May 11 14:10:09 UTC 2007
The following reply was made to PR bin/112574; it has been noted by GNATS.
From: Yar Tikhiy <yar at comp.chem.msu.su>
To: bug-followup at FreeBSD.org
Cc:
Subject: Re: bin/112574: sshd(8) ignores nologin(5) if using PAM and public key
Date: Fri, 11 May 2007 18:00:38 +0400
FWIW, pam_nologin(8) can provide _both_ authentication and account
management using the same check function. By doing so it can satisfy
all cases. I.e., PAM authentication consumers will fail as soon
as possible, like they do now, while sshd(8), cron(8), and atrun(8)
[1], which do not use PAM authentication, will be able to check for
nologin(5) at the PAM account management stage.
[1] I have plans for PAM-ifying cron(8) and atrun(8) so that they
can skip jobs by locked or expired accounts in a consistent way.
Not running user jobs when nologin(5) exists is quite reasonable.
--
Yar
More information about the freebsd-bugs
mailing list