Right now, at least on Gentoo, if you lock a user's account with passwd -l <username>, that user is still able to access their account if they have ssh keys set up. This is, in my mind, a fairly big security hole. Googling, I found an issue related to the Solaris implementation of PAM[1] that was fixed in a later version.
Does anyone know if there is a way to fix this in Gentoo and/or Linux? (I don't have access to any non-Gentoo Linux boxen atm, so I can't say for sure if this issue exists on other distros.) A tweak to PAM, perhaps?

--kurt
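An audit for the situation described in the post, as an added example that is not part of the original message: it lists accounts whose shadow password field carries the "!" prefix that passwd -l writes, whose account expiry date has not passed, and which still have a non-empty authorized_keys file. It assumes the default ~/.ssh/authorized_keys location; the shadow and passwd entries, hashes and keys below are constructed placeholders.

```python
import os
import tempfile
import time

# Constructed sample data in shadow(5) / passwd(5) format; hashes are placeholders.
SHADOW = """\
alice:!$6$placeholder$hash:19000:0:99999:7:::
bob:!$6$placeholder$hash:19000:0:99999:7::1:
carol:$6$placeholder$hash:19000:0:99999:7:::
dave:!$6$placeholder$hash:19000:0:99999:7:::
"""
PASSWD = """\
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
dave:x:1003:1003::/home/dave:/bin/bash
"""

def locked_with_keys(shadow_text, passwd_text, root="/", today=None):
    """Users whose password is locked, whose account is not expired, and who have keys."""
    today = int(time.time() // 86400) if today is None else today
    rows = (line.split(":") for line in passwd_text.splitlines())
    homes = {f[0]: f[5] for f in rows if len(f) >= 7}
    hits = []
    for line in shadow_text.splitlines():
        f = line.split(":")
        if len(f) < 8 or not f[1].startswith("!"):  # passwd -l prepends "!" to the hash
            continue
        if f[7] and today >= int(f[7]):  # field 8: expiry day; expired accounts are refused
            continue
        home = homes.get(f[0])
        if not home:
            continue
        keys = os.path.join(root, home.lstrip("/"), ".ssh", "authorized_keys")
        if os.path.isfile(keys) and os.path.getsize(keys) > 0:
            hits.append(f[0])
    return sorted(hits)

def demo():
    """Build a throwaway home tree: alice, bob and carol have keys, dave has none."""
    with tempfile.TemporaryDirectory() as root:
        for user in ("alice", "bob", "carol"):
            ssh_dir = os.path.join(root, "home", user, ".ssh")
            os.makedirs(ssh_dir)
            with open(os.path.join(ssh_dir, "authorized_keys"), "w") as fh:
                fh.write("ssh-ed25519 AAAA-constructed-placeholder %s@example\n" % user)
        return locked_with_keys(SHADOW, PASSWD, root=root)

if __name__ == "__main__":
    print(demo())
```

On a real host, pass in the contents of /etc/shadow (readable by root) and /etc/passwd. For an account this reports, setting an expiry date in addition to the lock (`usermod -L -e 1 <username>` or `chage -E 0 <username>`) makes the account check fail for key logins as well.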
