On Wed, Oct 05, 2005 at 10:20:13AM -0600, Erik R. Jensen wrote:
> > On 10/4/05, Lonnie Olson <[EMAIL PROTECTED]> wrote:
> >> public key authentication uses PAM to do no more than look up the
> >> home directory of the user. It actually might not use PAM at all and
> >> just access the file directly. Locking an account has no effect on
> >> this form of auth.
>
> From what I have gathered, if UsePAM is set to yes in the
> sshd_config file, and public key authentication is used, callbacks
> will be made only to pam_sm_acct_mgmt and pam_sm_open_session, not
> pam_sm_authenticate. So only modules of the type session and account
> will be called in the pam.d/sshd config.

One solution is to add pam_listfile to the stack for the apps that
provide access to your machine (under each applicable context) and add
usernames to the listfile that is specified as a parameter to the
module.

http://uw714doc.sco.com/en/SEC_pam/pam-6.html#ss6.13

Mike
.___________________________________________________________________.
Michael A. Halcrow
Security Software Engineer, IBM Linux Technology Center
GnuPG Fingerprint: 419C 5B1E 948A FA73 A54C 20F5 DB40 8531 6DCA 8769

"Given the choice between dancing pigs and security, users will pick
dancing pigs every time." - Ed Felten
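
An added example, not part of the original messages: a small audit that reports which stacks of a pam.d service file call pam_listfile, since a deny list placed only under auth is not consulted on the public key path described in the quoted text. The sample stacks are constructed, and the listfile path /etc/ssh/denied_users and the function names are assumptions.

```shell
#!/bin/sh
# Added example: report which PAM stacks of a service file call pam_listfile.
# Limitation: @include / substack lines are not followed.

# Print each module type that has an active pam_listfile line, one per line.
listfile_contexts() {
    awk '
        /^[ \t]*#/ { next }              # comment line
        NF < 3     { next }              # blank or incomplete line
        {
            type = $1
            sub(/^-/, "", type)          # Linux-PAM allows a leading "-" on the type
            for (i = 2; i <= NF; i++)
                if ($i ~ /(^|\/)pam_listfile\.so$/) { print type; break }
        }
    ' "$1" | sort -u
}

# Succeed only if the deny list sits in a stack that the quoted message says
# is still called for public key logins (account or session).
covers_pubkey() {
    listfile_contexts "$1" | grep -Eq '^(account|session)$'
}

# Constructed sample stacks; /etc/ssh/denied_users is an assumed listfile path.
tmp=$(mktemp -d)
cat > "$tmp/auth_only" <<'EOF'
auth     required  pam_listfile.so item=user sense=deny file=/etc/ssh/denied_users onerr=succeed
auth     required  pam_unix.so
account  required  pam_unix.so
session  required  pam_unix.so
EOF
cat > "$tmp/with_account" <<'EOF'
auth     required  pam_listfile.so item=user sense=deny file=/etc/ssh/denied_users onerr=succeed
# account required pam_listfile.so item=user sense=deny file=/tmp/x
account  required  pam_listfile.so item=user sense=deny file=/etc/ssh/denied_users onerr=succeed
account  required  pam_unix.so
session  required  pam_unix.so
EOF

for f in auth_only with_account; do
    if covers_pubkey "$tmp/$f"; then
        echo "$f: deny list is checked on public key logins"
    else
        echo "$f: deny list is skipped on public key logins"
    fi
done
```

Point the two functions at the real service files (for example pam.d/sshd) to see whether each one carries the deny list in its account stack.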
