It appears that when using public key authentication with OpenSSH, the locked status of an account is ignored. This means I can issue "passwd -l", and if the user had set up ssh keys for authentication, they can still log in. I know there are other ways to further lock an account, which I have been doing, but I really just want OpenSSH to respect the "!" that gets placed in the shadow file when a "passwd -l" is issued. Is there a change I can make in /etc/pam.d/sshd to force this check to happen, or something I am just overlooking?
I don't have this problem on the AIX and Solaris machines I manage, just the Linux boxen. I have done a little digging, but nothing in depth, and thought I would post to the list to see if it can save me some time. Thanks.

--
Erik R. Jensen
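One way to audit for the situation described in this post, as an added example that is not part of the original message: list accounts whose shadow password field starts with "!" but that still have usable entries in an authorized_keys file. The function name, the optional root-prefix argument and the sample data are assumptions of this example, and it assumes keys live in ~/.ssh/authorized_keys.

```shell
#!/bin/sh
# Added example (not from the original post). Reports accounts whose shadow
# password field starts with "!" (as written by "passwd -l") but which still
# have at least one non-comment line in ~/.ssh/authorized_keys.
# Assumption: sshd reads keys from ~/.ssh/authorized_keys.

# locked_with_keys SHADOW_FILE PASSWD_FILE [ROOT_PREFIX]
# ROOT_PREFIX (hypothetical helper argument) is prepended to each home
# directory so the check can be run against a test tree.
locked_with_keys() {
    shadow=$1 passwd=$2 root=${3:-}
    while IFS=: read -r user hash _rest; do
        case $hash in
            '!'*) ;;            # password field marked locked
            *) continue ;;      # not locked, nothing to report
        esac
        # Look up the home directory (field 6) for this user.
        home=$(awk -F: -v u="$user" '$1 == u { print $6; exit }' "$passwd")
        [ -n "$home" ] || continue
        keys="$root$home/.ssh/authorized_keys"
        # Report only if some line is neither blank nor a comment.
        if [ -f "$keys" ] && grep -Eqv '^[[:space:]]*(#|$)' "$keys"; then
            printf '%s\n' "$user"
        fi
    done < "$shadow"
}

# Constructed sample data: alice is locked and has a key, bob is locked with
# only a comment in the file, carol is not locked and has a key.
demo() {
    t=$(mktemp -d) || return 1
    printf '%s\n' 'alice:!$6$salt$hash:19000:0:99999:7:::' \
                  'bob:!$6$salt$hash:19000:0:99999:7:::' \
                  'carol:$6$salt$hash:19000:0:99999:7:::' > "$t/shadow"
    printf '%s\n' 'alice:x:1001:1001::/home/alice:/bin/sh' \
                  'bob:x:1002:1002::/home/bob:/bin/sh' \
                  'carol:x:1003:1003::/home/carol:/bin/sh' > "$t/passwd"
    mkdir -p "$t/home/alice/.ssh" "$t/home/bob/.ssh" "$t/home/carol/.ssh"
    echo 'ssh-ed25519 AAAAexample alice@constructed' > "$t/home/alice/.ssh/authorized_keys"
    echo '# no keys' > "$t/home/bob/.ssh/authorized_keys"
    echo 'ssh-ed25519 AAAAexample carol@constructed' > "$t/home/carol/.ssh/authorized_keys"
    locked_with_keys "$t/shadow" "$t/passwd" "$t"
    rm -rf "$t"
}
demo
```

On a live system the same function can be run as root as `locked_with_keys /etc/shadow /etc/passwd`.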
