| 1 |
Right now, at least on Gentoo, if you lock a user's account with passwd -l |
| 2 |
<username>, that user is still able to access their account if they have |
| 3 |
ssh keys set up. This is, in my mind, a fairly big security hole. |
| 4 |
Googling, I found an issue related to the Solaris implementation of PAM[1] |
| 5 |
that was fixed in a later version. |
| 6 |
|
| 7 |
Does anyone know if there is a way to fix this in Gentoo and/or Linux? (I |
| 8 |
don't have access to any non-Gentoo linux boxen atm, so I can't say for |
| 9 |
sure if this issue exists on other distros) A tweak to PAM, perhaps? |
| 10 |
|
| 11 |
--kurt |
Archives