Date: Mon, 27 Jan 2003 05:16:36 -0500 (EST)
From: Dan Mahoney <freeBSDbugs@gushi.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/47541: pw lock still allows access
Message-ID: <200301271016.h0RAGamS037876@prime.gushi.org>

>Number: 47541
>Category: bin
>Synopsis: pw lock still allows access
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 27 02:20:04 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Dan Mahoney
>Release: FreeBSD 4.7-RELEASE-p1 i386
>Organization: Gushi Systems
>Environment:
System: FreeBSD prime.gushi.org 4.7-RELEASE-p1 FreeBSD 4.7-RELEASE-p1 #0: Thu Jan 9 04:06:19 EST 2003 danm@prime.gushi.org:/usr/src/sys/compile/PRIME47 i386
>Description:
The PW man page indicates that a password locking mechanism is available via the "lock" and "unlock" commands, but should make mention of the fact that an admin should also check for SSH keys which may override the locked password.
>How-To-Repeat:
Create an account and configure SSH to accept key-based authentication, then try to "lock" the account with pw and attempt key-based login.
>Fix:
Either cause SSH (and possibly OPIE/Skey) to check for these strings in the beginning of passwords, or indicate the above in the manpage.
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
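
The check the report asks admins to make, written out as an added example (not part of the original message and not FreeBSD project code): list accounts that pw has locked but that still have SSH public keys installed. It assumes pw lock marks an account by prefixing the password field with "*LOCKED*" and that sshd uses its default AuthorizedKeysFile locations; the function names, the optional ROOT argument and the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: find pw-locked accounts that can still log in with an SSH key.
# Assumptions: a locked password field starts with "*LOCKED*"; key files live
# in the default ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2.

# audit_locked_keys PASSWD_FILE [ROOT]
#   PASSWD_FILE  master.passwd-format file (10 colon-separated fields)
#   ROOT         optional prefix for home directories (audit a copied tree)
# Prints "user<TAB>keyfile" per finding; returns 1 if anything was found.
audit_locked_keys() {
    passwd_file=$1
    root=${2:-}
    found=0
    while IFS=: read -r name pw uid gid class change expire gecos home shell; do
        case $name in ''|'#'*) continue ;; esac
        # Only accounts whose password field carries the lock prefix matter.
        case $pw in '*LOCKED*'*) ;; *) continue ;; esac
        for f in .ssh/authorized_keys .ssh/authorized_keys2; do
            keyfile=$root$home/$f
            # A key file counts only if it has a non-blank, non-comment line.
            if [ -f "$keyfile" ] && grep -Eqv '^[[:space:]]*(#|$)' "$keyfile"; then
                printf '%s\t%s\n' "$name" "$keyfile"
                found=1
            fi
        done
    done < "$passwd_file"
    return "$found"
}

# Build a constructed sample tree under DIR: alice is locked and still has a
# key, bob is locked with no key, carol is unlocked with a key.
make_sample() {
    dir=$1
    mkdir -p "$dir/home/alice/.ssh" "$dir/home/bob" "$dir/home/carol/.ssh"
    cat > "$dir/master.passwd" <<'EOF'
alice:*LOCKED*$1$constructed$hashAAAA:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*LOCKED*$1$constructed$hashBBBB:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:$1$constructed$hashCCCC:1003:1003::0:0:Carol:/home/carol:/bin/sh
EOF
    echo 'ssh-ed25519 AAAAconstructedkey alice@example' \
        > "$dir/home/alice/.ssh/authorized_keys"
    echo 'ssh-ed25519 AAAAconstructedkey carol@example' \
        > "$dir/home/carol/.ssh/authorized_keys"
}
```

On a live system, run audit_locked_keys /etc/master.passwd as root; if sshd_config sets AuthorizedKeysFile to other paths, those must be checked instead.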