[prev in list] [next in list] [prev in thread] [next in thread]
List: openssh-unix-dev
Subject: Re: nologin not working with openssh >= 4.3 and authentication !=
From: Damien Miller <djm () mindrot ! org>
Date: 2007-01-22 22:27:46
Message-ID: Pine.BSO.4.64.0701230926470.21495 () fuyu ! mindrot ! org
[Download RAW message or body]
On Fri, 5 Jan 2007, Michael Weiser wrote:
> Hi developers,
>
> today I tried to disable logins to an ssh server by putting a nologin
> file into /etc. This only worked for logins that use the password
> authentication mechanism. publickey-based authentications still
> succeeded and the users were allowed into the system. This seems
> straightforward to me since openssh 4.3 disabled the evaluation of
> /etc/nologin in favour of pam_nologin but doesn't use PAM for anything
> other than password-based logins, does it?
Yes, PAM account and session modules are run for non-password
authentications. My guess is that you have the nologin module in
the authentication section of your PAM config.
-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic