Just curious but does this apply only to users who were allowed SSH in the first place or to everyone?
I ask this because my server logs have shown a large number of connects/rejects for people with usernames eerily similar to daemon/process names, such as apache, nobody, admin, user, etc. I would be a little spooked to remove a system process completely from the system if this were the case.

On 10/8/05, Erik R. Jensen <[EMAIL PROTECTED]> wrote:
>
> > Looks like you're right. For some strange reason Linux PAM doesn't
> > bother checking for account status in pam_acct_mgmt() where Solaris
> > PAM does, for exactly this sort of reason. I wonder if there is a
> > patch to Linux PAM's pam_unix.so to make it work correctly for session
> > and account management.
>
> I got a little bored tonight watching TV and sitting on IRC so I wrote a
> little PAM module to fix the problem. It will check for locked shadow
> passwords during the pam_sm_acct_mgmt callback preventing locked users
> from obtaining a login even if they are using public/private key
> authentication. I've placed it at the following url with some instructions
> in case anyone is interested.
>
> http://users.netradius.com/~erikrj/pam_shadow_locked.tbz2
> http://users.netradius.com/~erikrj/pam_shadow_locked/
>
> --
> Erik R. Jensen
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
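The account-phase check discussed in this thread, sketched as an added example; it is not Erik's module and not code from any of the messages. It classifies the password field of a shadow entry and denies only locked ones, so a daemon-style `*` entry is reported separately from a `!` lock. The names `shadow_state` and `account_denied`, the treatment of `!` and `*`, and the sample entries are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

enum pw_state { PW_USABLE, PW_LOCKED, PW_NO_LOGIN, PW_EMPTY, PW_MALFORMED };

/* Classify the password field of one shadow(5) line "name:password:...".
 * Assumption of this example: a leading '!' marks a locked password (what
 * passwd -l writes); a leading '*' marks an account that never had one,
 * typical for daemon accounts, and is reported separately. */
enum pw_state shadow_state(const char *line, char *name, size_t name_len)
{
    const char *c1 = strchr(line, ':');
    const char *c2 = c1 ? strchr(c1 + 1, ':') : NULL;
    size_t n = c1 ? (size_t)(c1 - line) : 0;
    if (c2 == NULL || n == 0 || n >= name_len)
        return PW_MALFORMED;
    memcpy(name, line, n);
    name[n] = '\0';
    if (c2 == c1 + 1) return PW_EMPTY;      /* empty field: no password set */
    if (c1[1] == '!') return PW_LOCKED;
    if (c1[1] == '*') return PW_NO_LOGIN;
    return PW_USABLE;
}

/* Account-phase decision, independent of how the user authenticated:
 * deny locked entries, and fail closed on entries that cannot be parsed. */
int account_denied(const char *line)
{
    char name[64];
    enum pw_state s = shadow_state(line, name, sizeof name);
    return s == PW_LOCKED || s == PW_MALFORMED;
}

int main(void)
{
    /* Constructed sample entries, not taken from a real system. */
    const char *sample[] = {
        "alice:$6$salt$hash:19000:0:99999:7:::",
        "bob:!$6$salt$hash:19000:0:99999:7:::",
        "apache:*:19000:0:99999:7:::",
        "carol::19000:0:99999:7:::",
    };
    const char *label[] = { "usable", "locked", "no-login", "empty", "malformed" };
    char name[64] = "";
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++) {
        enum pw_state s = shadow_state(sample[i], name, sizeof name);
        printf("%-8s %-9s %s\n", name, label[s], account_denied(sample[i]) ? "deny" : "allow");
    }
}
```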
