Gentoo Archives: gentoo-dev

From: Kurt Lieber <klieber@g.o>
To: gentoo-dev@g.o
Subject: [gentoo-dev] locking user accounts doesn't really lock them.
Date: Fri, 31 Oct 2003 21:27:33
1 Right now, at least on Gentoo, if you lock a user's account with passwd -l
2 <username>, that user is still able to access their account if they have
3 ssh keys set up. This is, in my mind, a fairly big security hole.
4 Googling, I found an issue related to the Solaris implementation of PAM[1]
5 that was fixed in a later version.
7 Does anyone know if there is a way to fix this in Gentoo and/or Linux? (I
8 don't have access to any non-Gentoo linux boxen atm, so I can't say for
9 sure if this issue exists on other distros) A tweak to PAM, perhaps?
11 --kurt


Subject Author
Re: [gentoo-dev] locking user accounts doesn't really lock them. Kevyn Shortell <trance@g.o>