When authenticating a user by a publickey, sshd grants access to that
account even if its locked by "passwd -l". Seems like sshd is working
the way it is designed. sshd assumes that the key represents a succesful
pam_authenticate and only calls pam_acct_mgmt. Unfortunately
pam_authenticate and not pam_acct_mgmt is doing the locked account
check, so the user is granted access.

Does anybody know a workaround for this? Maybe add an additional
PAM-module in the stack or modify /etc/pam.d/sshd in any way?

Tested on SLES9-SLES11.

dosys-T2's Profile: http://forums.novell.com/member.php?userid=66677
View this thread: http://forums.novell.com/showthread.php?t=449028