Date: Wed, 1 Sep 2004 11:10:24 GMT From: Ruslan Ermilov <ru@FreeBSD.org> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/71147: sshd(8) will allow to log into a locked account Message-ID: <200409011110.i81BAOus036698@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/71147; it has been noted by GNATS. From: Ruslan Ermilov <ru@FreeBSD.org> To: Ceri Davies <ceri@submonkey.net> Cc: bug-followup@FreeBSD.org Subject: Re: bin/71147: sshd(8) will allow to log into a locked account Date: Wed, 1 Sep 2004 14:03:59 +0300 On Wed, Sep 01, 2004 at 10:40:23AM +0000, Ceri Davies wrote: > I don't agree, Yar. I think that "pw lock" should be the canonical way > to lock an account, that *LOCKED* should therefore be the string that ssh > checks for on FreeBSD (pw has been doing this for nearly five years, so > I believe that this is the defacto standard now), and that any other string > should be interpreted as "fail password authentication" only. > > Whatever we choose, the string should be passed back to the OpenSSH team > so that they can check for it. > > And this should all be documented as such, obviously ;-) > Matching against the `*' prefix will also match the *LOCKED* prefix, so I don't personally see a big problem here. But *LOCKED* looks nicer to me, and for anyone editing in vipw(8) anyway. Cheers, -- Ruslan Ermilov ru@FreeBSD.org FreeBSD committer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200409011110.i81BAOus036698>