Re: SSH ignores locked accounts
From: Vahid (sunman_at_ureach.com)
Date: 4 Nov 2003 14:00:02 -0800
Yes, that is now working in 3.7p1. Thank you.
I have been planning to upgrad our OpenSSH but it seems each snapshot
is better that the previous one, so I am not sure if I should wait
until not much update is done to openssh or just get the latest
snapshot and roll it out?
Also, I am not sure where is the release version in the snapshot and
in general if is it a good idea to get the latest snapshot or not.
email@example.com (Darren Tucker) wrote in message news:<firstname.lastname@example.org>...
> In article <email@example.com>,
> Vahid <firstname.lastname@example.org> wrote:
> >In almost all versions of OpenSSSh, if key-based trust is used for an
> >account, the user can log-on to the system even if the account is
> >locked. In Solaris "*LK*" in password fiels of /etc/shadow file
> >indicates a locked account and it is ignored by openssh.
> >Is there a work-around or we have to live with it?
> As of 3.7p1 sshd will honour the locked account settings on Solaris
> (and many other platforms). The changes would be relatively easy to
> back-port to previous versions if someone was so inclined. If you're
> going to upgrade 3.7.1p2 is recommended.