Hi, "Traditional" (pre-PAM) Linux software, like the 'shadow' package providing tools such as /usr/bin/passwd, and OpenSSH in non-PAM mode support the concept of a "locked" account being one whose crypted password field starts with a "!" character. In particular, an account "locked" in this fashion becomes ineligible for ssh logins by public key, as well as by password, when used in this manner, when OpenSSH is not using PAM. I'd quite like to make use of this feature even when OpenSSH *is* using PAM. Is there any existing way to configure PAM to respect this convention? If not, would it be sensible to add it to the pam_unix account-management module? Thanks, Max.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
