Linux locked accounts and PAM
Thorsten Kukuk
kukuk at suse.de
Thu Oct 2 22:57:55 UTC 2008
On Thu, Oct 02, Max Bowsher wrote:
> Hi,
>
> "Traditional" (pre-PAM) Linux software, like the 'shadow' package
> providing tools such as /usr/bin/passwd, and OpenSSH in non-PAM mode
> support the concept of a "locked" account being one whose crypted
> password field starts with a "!" character.
This has nothing to do with PAM.
> In particular, an account "locked" in this fashion becomes ineligible
> for ssh logins by public key, as well as by password, when used in this
> manner, when OpenSSH is not using PAM.
>
> I'd quite like to make use of this feature even when OpenSSH *is* using
> PAM. Is there any existing way to configure PAM to respect this convention?
On openSUSE you can use "usermod -L" or "passwd -l" for this.
Thorsten
--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)
More information about the Pam-list
mailing list