Re: Linux locked accounts and PAM
- Subject: Re: Linux locked accounts and PAM
- From: Thorsten Kukuk <kukuk@xxxxxxx>
- Date: Fri, 3 Oct 2008 00:57:55 +0200
- In-reply-to: <48E5346F.7020303@xxxxxxx>
- Organization: SUSE LINUX Products GmbH, Nuernberg, Germany, GF: Markus Rex, HRB 16746 (AG Nuernberg)
- References: <48E5346F.7020303@xxxxxxx>
- User-agent: Mutt/1.5.9i
On Thu, Oct 02, Max Bowsher wrote:
> Hi,
>
> "Traditional" (pre-PAM) Linux software, like the 'shadow' package
> providing tools such as /usr/bin/passwd, and OpenSSH in non-PAM mode
> support the concept of a "locked" account being one whose crypted
> password field starts with a "!" character.
This has nothing to do with PAM.
> In particular, an account "locked" in this fashion becomes ineligible
> for ssh logins by public key, as well as by password, when used in this
> manner, when OpenSSH is not using PAM.
>
> I'd quite like to make use of this feature even when OpenSSH *is* using
> PAM. Is there any existing way to configure PAM to respect this convention?
On openSUSE you can use "usermod -L" or "passwd -l" for this.
Thorsten
--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
[Fedora Users]
[Kernel]
[Red Hat Install]
[Linux for the blind]
[Gimp]
