> One solution is to add pam_listfile to the stack for the apps that > provide access to your machine (under each applicable context) and add > usernames to the listfile that is specified as a parameter to the > module. > > http://uw714doc.sco.com/en/SEC_pam/pam-6.html#ss6.13
This is true, but it would essentially be the same thing as manually editing the Allow* and Deny* entries in sshd_config. It still takes an extra step to make it happen. Perhaps I am just picky in that I think it should not take any extra effort to lock an account other than issuing a "passwd -l". It's definitely something AIX got right (chuser account_locked=true erjensen), even if everything else is in that OS is a pita. OT: I appreciate everyone's info. I think discussions like this should happen more often on the PLUG. -- Erik R. Jensen /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
