From owner-freebsd-bugs@FreeBSD.ORG Fri May 11 14:10:09 2007
Date: Fri, 11 May 2007 14:10:08 GMT
Message-Id: <200705111410.l4BEA8DN068670@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Yar Tikhiy
Subject: Re: bin/112574: sshd(8) ignores nologin(5) if using PAM and public key

The following reply was made to PR bin/112574; it has been noted by GNATS.

From: Yar Tikhiy
To: bug-followup@FreeBSD.org
Subject: Re: bin/112574: sshd(8) ignores nologin(5) if using PAM and public key
Date: Fri, 11 May 2007 18:00:38 +0400

 FWIW, pam_nologin(8) can provide _both_ authentication and account
 management using the same check function. By doing so it can satisfy
 all cases. I.e., PAM authentication consumers will fail as soon as
 possible, like they do now, while sshd(8), cron(8), and atrun(8) [1],
 which do not use PAM authentication, will be able to check for
 nologin(5) at the PAM account management stage.

 [1] I have plans for PAM-ifying cron(8) and atrun(8) so that they
 can skip jobs by locked or expired accounts in a consistent way.
 Not running user jobs when nologin(5) exists is quite reasonable.

 --
 Yar
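The arrangement proposed in the message above, one check function exported under both the PAM authentication and account management entry points, as an added example. It is not code from the message or from FreeBSD's pam_nologin. `nologin_path` and `nologin_check` are hypothetical names, the file location is an assumption, the check makes no per-user exemption, and stand-in PAM definitions are used when the PAM headers are not installed.

```c
/* Added sketch: one nologin(5) check behind both PAM facilities. */
#include <stdio.h>
#include <unistd.h>

#if defined(__has_include)
# if __has_include(<security/pam_modules.h>)
#  define PAM_SM_AUTH
#  define PAM_SM_ACCOUNT
#  include <security/pam_appl.h>
#  include <security/pam_modules.h>
#  define HAVE_PAM_HEADERS 1
# endif
#endif
#ifndef HAVE_PAM_HEADERS   /* stand-ins so the sketch builds without PAM headers */
typedef struct pam_handle pam_handle_t;
# define PAM_SUCCESS  0
# define PAM_AUTH_ERR 9    /* placeholder; the real value comes from the PAM headers */
#endif

/* Hypothetical name; the location of the nologin(5) file is an assumption. */
static const char *nologin_path = "/var/run/nologin";

/* The single check: refuse while the nologin file exists (no per-user exemption). */
static int nologin_check(void)
{
    return access(nologin_path, F_OK) == 0 ? PAM_AUTH_ERR : PAM_SUCCESS;
}

/* Auth facility: consumers that authenticate through PAM fail here, early. */
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    (void)pamh; (void)flags; (void)argc; (void)argv;
    return nologin_check();
}

/* Auth modules also export setcred; this one has no credentials to set. */
int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    (void)pamh; (void)flags; (void)argc; (void)argv;
    return PAM_SUCCESS;
}

/* Account facility: still reached when authentication happened outside PAM,
 * for example an sshd(8) public-key login. */
int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    (void)pamh; (void)flags; (void)argc; (void)argv;
    return nologin_check();
}
```

A service that skips PAM authentication gets the check only if its PAM stack lists the module under `account` as well as `auth`.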