Date: Fri, 11 May 2007 14:10:08 GMT From: Yar Tikhiy <yar@comp.chem.msu.su> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/112574: sshd(8) ignores nologin(5) if using PAM and public key Message-ID: <200705111410.l4BEA8DN068670@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/112574; it has been noted by GNATS. From: Yar Tikhiy <yar@comp.chem.msu.su> To: bug-followup@FreeBSD.org Cc: Subject: Re: bin/112574: sshd(8) ignores nologin(5) if using PAM and public key Date: Fri, 11 May 2007 18:00:38 +0400 FWIW, pam_nologin(8) can provide _both_ authentication and account management using the same check function. By doing so it can satisfy all cases. I.e., PAM authentication consumers will fail as soon as possible, like they do now, while sshd(8), cron(8), and atrun(8) [1], which do not use PAM authentication, will be able to check for nologin(5) at the PAM account management stage. [1] I have plans for PAM-ifying cron(8) and atrun(8) so that they can skip jobs by locked or expired accounts in a consistent way. Not running user jobs when nologin(5) exists is quite reasonable. -- Yar
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200705111410.l4BEA8DN068670>