Am 03.11.2017 um 21:48 schrieb Salvatore Bonaccorso: [...] > It's likely that Red Hat just used the approeach as > https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d > and referenced from https://github.com/kohsuke/libpam4j/issues/18 . > > The issue arises because "PAM.authentication() does not call > pam_acct_mgmt(). As a consequence, the PAM account is not properly > verified. Any user with a valid password but with deactivated or > disabled account is able to log in.". > > The above commit should address that.
Hi Salvatore, Thanks for pointing this out. I asked Red Hat for a clarification though. It would be interesting to know why this line was commented out in the first place. Regards, Markus
signature.asc
Description: OpenPGP digital signature
