On Fri, 3 Nov 2017 21:48:21 +0100 Salvatore Bonaccorso <car...@debian.org> wrote: [...]
> It's likely that Red Hat just used the approeach as > https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d > and referenced from https://github.com/kohsuke/libpam4j/issues/18 . > > The issue arises because "PAM.authentication() does not call > pam_acct_mgmt(). As a consequence, the PAM account is not properly > verified. Any user with a valid password but with deactivated or > disabled account is able to log in.". > > The above commit should address that. Hi, I haven't got a response from Red Hat or upstream yet. I will apply this patch. It's the only hint so far that makes sense. Regards, Markus
signature.asc
Description: OpenPGP digital signature
