I notice that lsh allows logins when the file /etc/nologin exists.
lsh still doesn't add information to utmp and wtmp so that who,
last, and other commands can give information about logins.
All of these and more (remember password aging and account expiration?)
exist because lsh doesn't use PAM. It seems to me that if PAM doesn't
work well enough to use, then it might be wise to right a login
library that manages all of these issues. Then lsh could use that
library.
I realize that to write the such I library would be time consuming.
Right now, however, there are many login subtleties that aren't being
taken care of. Ignoring these, however, can leave _serious_ security
holes. An admin will think that an account, login, password, or
whatever is disabled - yet users are still able to login and the logins
aren't even visible using the expected tools. I think this is serious
enough that lsh shouldn't be released until these types of things
are fixed.
Other than that, I use lsh all the time and think it's the greatest
thing since . . . hmmmm - can't think of anything right now, but I
sure like lsh.
PS. Does lsh now understand SIGWINCH??
