[Pkg-shadow-devel] Bug#389183: passwd -l to lock account in /etc/shadow as well as /etc/passwd (?)
justinpryzby at users.sourceforge.net
Mon Mar 5 20:57:55 CET 2007
Regarding Debian bug #389183:
pam_unix: in 'account' mode, deny authorization if user's account is locked
The submitter claims that passwd -l should lock the account (as the
manpage claims), rather than lock the password.
Colin knows people that use passwd ! munge to enforce public key
authorization by disabling the password, while leaving the account
enabled (in the shadow file "expires on this many days after 1970"
Steve suggested that passwd -l expire the password in passwd and the
account in shadow; Nicolas implemented this.
Unfortunately I'm not sure how this helps. Are we assuming that one
doesn't use passwd -l but rather vipw to enforce public key auth?
Otherwise the behavior change will suddenly begin to upset Colin's
(sorry for long cc list)
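
Added example (not part of the original message or of the shadow package): a small audit that separates the two states discussed above, a locked password versus an expired account, by reading the password field and the account-expiry field of each shadow entry. The function names, the sample lines, and the "today" value are constructed for illustration, and the expiry check is a simplified model of what an account-phase check would do.

```python
import time

# Constructed sample /etc/shadow lines; the hash strings are placeholders.
SAMPLE_SHADOW = """\
alice:$1$salt$placeholderhash:13500:0:99999:7:::
bob:!$1$salt$placeholderhash:13500:0:99999:7:::
carol:!$1$salt$placeholderhash:13500:0:99999:7::1:
dave:$1$salt$placeholderhash:13500:0:99999:7::13000:
erin:*:13500:0:99999:7:::
"""


def classify(line, today_days):
    """Return (user, password_locked, account_expired) for one shadow line."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated fields, got %d" % len(fields))
    user, pw, expire = fields[0], fields[1], fields[7]
    # A password field starting with '!' or '*' cannot match any typed password.
    password_locked = pw.startswith(("!", "*"))
    # Field 8: account expiry in days since 1970-01-01; empty means never.
    account_expired = expire != "" and int(expire) <= today_days
    return user, password_locked, account_expired


def key_only_candidates(shadow_text, today_days=None):
    """Users whose password is locked while the account itself is not expired."""
    if today_days is None:
        today_days = int(time.time() // 86400)
    found = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, locked, expired = classify(line, today_days)
        if locked and not expired:
            found.append(user)
    return found


if __name__ == "__main__":
    # 13577 is a constructed "today" later than every expiry in the sample.
    print(key_only_candidates(SAMPLE_SHADOW, 13577))
```

Entries it reports can no longer authenticate with a password but are still live accounts, which is the state that key-only setups rely on and that an account-level lock would remove.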