RE: SCO OpenServer 5.0.5 authenticates locked accounts



I noticed this 9 years ago on Solaris. My work-around to this day is to
'chmod 000 ~lockeduser/.ssh'. This is easily reversible, just as the *LK*
can be removed from the encrypted string. I noticed this problem only when
the user is using key instead of password authentication.

--
Michael P. Brininstool

-----Original Message-----
From: Powell, Scott [mailto:SPowell@xxxxxxxxxxxx]
Sent: Thursday, April 13, 2006 4:08 PM
To: secureshell@xxxxxxxxxxxxxxxxx
Subject: SCO OpenServer 5.0.5 authenticates locked accounts

I have noticed that SSH compiled for SCO OpenServer 5.0.5 is authenticating
locked accounts. I have tried re-compiling the latest portable version,
4.3p2, as well as some older versions. I also tried a Skunkware version
supplied by SCO. All of these are authenticating locked accounts. I even
messed around in configure.ac and added AC_DEFINE(LOCKED_PASSWD_STRING,
"*LK*") to the *-*-sco3.2v5* definitions (locked accounts have a *LK* in the
shadow file as a prefix to the encrypted password hash).

Does anyone have any recommendations or workarounds?

Thanks,
Scott
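
An audit for the condition both messages describe, as an added example that is not part of the original thread or of OpenSSH: it lists accounts whose shadow hash starts with *LK* but whose authorized_keys file is still reachable, and treats a ~/.ssh without owner search permission (the chmod 000 workaround) as mitigated. The function names, the file paths passed as arguments, and the default ~/.ssh/authorized_keys location are assumptions, and the fixture data is constructed.

```shell
#!/bin/sh
# Usage: locked_with_keys SHADOW_FILE PASSWD_FILE
# Prints each locked account that can still be reached with key authentication.
locked_with_keys() {
    shadow=$1 passwd=$2
    # Field 2 of a shadow entry is the hash; a locked account carries the *LK* prefix.
    awk -F: 'index($2, "*LK*") == 1 { print $1 }' "$shadow" |
    while IFS= read -r user; do
        # Field 6 of the matching passwd entry is the home directory.
        home=$(awk -F: -v u="$user" '$1 == u { print $6; exit }' "$passwd")
        [ -n "$home" ] && [ -d "$home/.ssh" ] || continue
        # Owner permission bits of ~/.ssh. Without search (x) permission the
        # owner cannot reach the key file, as with the chmod 000 workaround.
        perms=$(ls -ld "$home/.ssh" | cut -c2-4)
        case $perms in
            *x|*s) ;;
            *) continue ;;
        esac
        if [ -s "$home/.ssh/authorized_keys" ]; then
            echo "$user"
        fi
    done
    return 0
}

# Constructed sample data (not from the thread): a fake shadow/passwd pair
# under DIR with two locked accounts (alice, bob) and one active one (carol).
make_fixture() {
    d=$1
    for u in alice bob carol; do
        mkdir -p "$d/home/$u/.ssh"
        echo "ssh-rsa AAAA-constructed $u" > "$d/home/$u/.ssh/authorized_keys"
        echo "$u:x:100:100::$d/home/$u:/bin/sh"
    done > "$d/passwd"
    chmod 000 "$d/home/bob/.ssh"    # the workaround from the reply
    printf '%s\n' 'alice:*LK*abXYhash:::' 'bob:*LK*cdXYhash:::' \
        'carol:efXYhash:::' > "$d/shadow"
}

# Run against real files when two paths are given on the command line.
if [ $# -eq 2 ]; then
    locked_with_keys "$1" "$2"
fi
```

If sshd_config sets AuthorizedKeysFile to another location, the path checked inside the function has to be changed to match.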