Bugzilla – Bug 4460
lsh-pam-checkpw does not do PAM account validation
Last modified: 2012-11-28 12:44:16
It turns out that even though an account is disabled (i.e. through LDAP
shadowExpire etc.), you can create a TL session via tlclient.cgi. This is because
lsh-pam-checkpw does not do any account validation. We should call
pam_acct_mgmt, but we are not.
Fixed in 26134.
Works. Tested on RHEL 6.
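
The gap described in this report, as an added example that is neither lsh-pam-checkpw's code nor the fix in 26134: a password-only check accepts an expired account, while a check that also validates the account rejects it. The two `step_*` functions are stand-ins for `pam_authenticate()` and `pam_acct_mgmt()` so the block builds without libpam; the account table, result codes and day numbers are constructed, and the expiry rule assumes the shadow(5) convention for `shadowExpire`.

```c
#include <stdio.h>
#include <string.h>

/* Local result codes (stand-ins for the PAM_* return codes). */
enum { RES_OK = 0, RES_AUTH_ERR = 1, RES_ACCT_EXPIRED = 2 };

/* Constructed directory entry; shadow_expire follows shadow(5):
 * days since 1970-01-01, -1 meaning the account never expires. */
struct account { const char *user; const char *password; long shadow_expire; };

static const struct account accounts[] = {
    { "alice", "correct-horse", -1 },
    { "bob",   "hunter2",       15000 },  /* expired, password still valid */
};

static const struct account *lookup(const char *user) {
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (strcmp(accounts[i].user, user) == 0) return &accounts[i];
    return NULL;
}

/* Stand-in for pam_authenticate(): verifies the credential only. */
static int step_authenticate(const char *user, const char *pw) {
    const struct account *a = lookup(user);
    return (a && strcmp(a->password, pw) == 0) ? RES_OK : RES_AUTH_ERR;
}

/* Stand-in for pam_acct_mgmt(): may the account be used today? */
static int step_acct_mgmt(const char *user, long today) {
    const struct account *a = lookup(user);
    if (!a) return RES_AUTH_ERR;
    if (a->shadow_expire != -1 && today >= a->shadow_expire) return RES_ACCT_EXPIRED;
    return RES_OK;
}

/* Behaviour described in the report: password check only. */
int checkpw_auth_only(const char *user, const char *pw) {
    return step_authenticate(user, pw);
}

/* With account validation: both steps must succeed before a session is allowed. */
int checkpw_with_acct(const char *user, const char *pw, long today) {
    int rc = step_authenticate(user, pw);
    return rc != RES_OK ? rc : step_acct_mgmt(user, today);
}

int main(void) {
    long today = 15672;  /* constructed day number, later than bob's expiry */
    printf("bob, auth only: %d\n", checkpw_auth_only("bob", "hunter2"));
    printf("bob, with acct: %d\n", checkpw_with_acct("bob", "hunter2", today));
    return 0;
}
```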