Currently, the call to Pam authenticate does not check pam_acct_mgt to verify user belongs to appropriate groups. Thus any login restrictions configured via PAM account modules are ignored.
This usually affects, among others, settings in /etc/security/access.conf (pam_access), /etc/nologin (pam_nologin) and host/service name authorization of pam_ldap.
Any return value other than PAM_SUCCESS from pam_acct_mgmt should prevent a successful authentication.
Intentional omission or a bug?
Observed similar issue on a java based pam library
Currently, the call to Pam authenticate does not check pam_acct_mgt to verify user belongs to appropriate groups. Thus any login restrictions configured via PAM account modules are ignored.
This usually affects, among others, settings in /etc/security/access.conf (pam_access), /etc/nologin (pam_nologin) and host/service name authorization of pam_ldap.
Any return value other than PAM_SUCCESS from pam_acct_mgmt should prevent a successful authentication.
Intentional omission or a bug?
Observed similar issue on a java based pam library