pam_tally with sshd: ssh password-based failures not tally'd
John Newbigin
jn at it.swin.edu.au
Thu Oct 28 00:35:43 UTC 2004
Adam Monsen wrote:
>...
> I know this is a somewhat borderline, difficult-to-exploit case, but
> it seems like buggy behavior on the part of pam_tally. I would expect
> either branch of the condition to cause PAM/ssh/whatever just spit out
> "account disabled" and drop the connection.
>
AFAIK, ssh does not have the ability to report a reason for why you
can't log in. This is probably a security feature so you don't leak
info the the hackers.
John.
--
John Newbigin
Computer Systems Officer
Faculty of Information and Communication Technologies
Swinburne University of Technology
Melbourne, Australia
http://www.it.swin.edu.au/staff/jnewbigin
More information about the Pam-list
mailing list