1 |
Right now, at least on Gentoo, if you lock a user's account with passwd -l |
2 |
<username>, that user is still able to access their account if they have |
3 |
ssh keys set up. This is, in my mind, a fairly big security hole. |
4 |
Googling, I found an issue related to the Solaris implementation of PAM[1] |
5 |
that was fixed in a later version. |
6 |
|
7 |
Does anyone know if there is a way to fix this in Gentoo and/or Linux? (I |
8 |
don't have access to any non-Gentoo linux boxen atm, so I can't say for |
9 |
sure if this issue exists on other distros) A tweak to PAM, perhaps? |
10 |
|
11 |
--kurt |