From owner-freebsd-bugs Mon Jan 27 2:20:10 2003
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id 18F2737B401
    for ; Mon, 27 Jan 2003 02:20:09 -0800 (PST)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
    by mx1.FreeBSD.org (Postfix) with ESMTP id 9B2F043E4A
    for ; Mon, 27 Jan 2003 02:20:07 -0800 (PST)
    (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
    by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id h0RAK7NS081356
    for ; Mon, 27 Jan 2003 02:20:07 -0800 (PST)
    (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
    by freefall.freebsd.org (8.12.6/8.12.6/Submit) id h0RAK7iM081352;
    Mon, 27 Jan 2003 02:20:07 -0800 (PST)
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id D286E37B401
    for ; Mon, 27 Jan 2003 02:19:44 -0800 (PST)
Received: from prime.gushi.org (prime.gushi.org [65.125.228.130])
    by mx1.FreeBSD.org (Postfix) with ESMTP id 4CFCA43F8B
    for ; Mon, 27 Jan 2003 02:19:44 -0800 (PST)
    (envelope-from danm@prime.gushi.org)
Received: from prime.gushi.org (danm@localhost.com [127.0.0.1] (may be forged))
    by prime.gushi.org (8.12.3/8.12.3) with ESMTP id h0RAGeZU039470
    for ; Mon, 27 Jan 2003 05:16:40 -0500 (EST)
Received: (from danm@localhost)
    by prime.gushi.org (8.12.3/8.12.3/Submit) id h0RAGamS037876;
    Mon, 27 Jan 2003 05:16:36 -0500 (EST)
Message-Id: <200301271016.h0RAGamS037876@prime.gushi.org>
Date: Mon, 27 Jan 2003 05:16:36 -0500 (EST)
From: Dan Mahoney
Reply-To: Dan Mahoney
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: bin/47541: pw lock still allows access
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number:         47541
>Category:       bin
>Synopsis:       pw lock still allows access
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 27 02:20:04 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Dan Mahoney
>Release:        FreeBSD 4.7-RELEASE-p1 i386
>Organization:
Gushi Systems
>Environment:
System: FreeBSD prime.gushi.org 4.7-RELEASE-p1 FreeBSD 4.7-RELEASE-p1 #0: Thu Jan 9 04:06:19 EST 2003 danm@prime.gushi.org:/usr/src/sys/compile/PRIME47 i386

>Description:
The PW man page indicates that a password locking mechanism is available
via the "lock" and "unlock" commands, but should make mention of the fact
that an admin should also check for SSH keys which may override the locked
password.

>How-To-Repeat:
Create an account and configure SSH to accept key-based authentication,
then try to "lock" the account with pw and attempt key-based login.

>Fix:
Either cause SSH (and possibly OPIE/Skey) to check for these strings in
the beginning of passwords, or indicate the above in the manpage.

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
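
An added example, not part of the original problem report or of FreeBSD's code: a check an admin can run for accounts whose password field carries the lock marker while SSH key files remain in the home directory. It assumes the `*LOCKED*` prefix that pw(8) writes (the report only says "these strings"), the master.passwd(5) field order, and the default `~/.ssh/authorized_keys` and `authorized_keys2` paths; `locked_with_keys`, `demo` and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts that pw(8) has locked but that still have
# SSH public keys installed.
# Assumptions: master.passwd(5) layout (home directory is field 9), the
# "*LOCKED*" prefix on the password field, and the default sshd key file
# locations under ~/.ssh.

# locked_with_keys PASSWD_FILE [ROOT_PREFIX]
# Prints "user<TAB>keyfile" for each locked account with a non-empty key
# file. ROOT_PREFIX is prepended to home directories so the check can run
# against a mounted image or a test tree.
locked_with_keys() {
    passwd_file=$1
    root=${2:-}
    while IFS=: read -r name pwfield uid gid class change expire gecos home shell; do
        case $name in ''|'#'*) continue ;; esac      # skip blanks and comments
        case $pwfield in
            '*LOCKED*'*) ;;                          # locked: keep checking
            *) continue ;;                           # not locked: ignore
        esac
        for f in authorized_keys authorized_keys2; do
            keyfile=$root$home/.ssh/$f
            # -s: file exists and is non-empty
            if [ -s "$keyfile" ]; then
                printf '%s\t%s\n' "$name" "$keyfile"
            fi
        done
    done < "$passwd_file"
    return 0
}

# Constructed demo data: alice and bob are locked, only alice has a key,
# carol has no lock marker.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/alice/.ssh" "$t/home/bob"
    echo 'ssh-rsa AAAA-constructed-key alice@example' \
        > "$t/home/alice/.ssh/authorized_keys"
    cat > "$t/master.passwd" <<'EOF'
alice:*LOCKED*$1$constructed$hash:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*LOCKED*$1$constructed$hash:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:$1$constructed$hash:1003:1003::0:0:Carol:/home/carol:/bin/sh
EOF
    locked_with_keys "$t/master.passwd" "$t"
    rm -rf "$t"
}
demo
```

On a live system the call would be `locked_with_keys /etc/master.passwd` as root; a site that sets a non-default `AuthorizedKeysFile` in sshd_config needs the paths in the loop adjusted to match.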