[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: OpenSSH and PAM

From: Ben Collins <bcollins debian org>
To: pam-list redhat com
Subject: Re: OpenSSH and PAM
Date: Mon, 11 Sep 2000 22:51:54 -0400

> As for prompting for a password even with RSA authentication, this would
> severly break configurations using ssh to copy files and run scripts
> automatically (without requiring a password).  What if your cron'd remote
> mirroring scp fails (for 2 days straight) because your password expired on
> a Saturday and it prompts you to change it even though you use RSA key
> authentication for your scripts ? I can think of many more examples where
> the above would be unwanted.

Then the admin should remove expiry info for that account. Bypassing a
security feature for the sake of laziness isn't a good excuse.

-- 
 -----------=======-=-======-=========-----------=====------------=-=------
/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`  bcollins@debian.org  --  bcollins@openldap.org  --  bcollins@linux.com  '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'

Follow-Ups:
- ListenAddress option.
  - From: Paul Nicholas Faure <paul@engsoc.org>

References:
- Re: OpenSSH and PAM
  - From: Ben Collins <bcollins@debian.org>
- Re: OpenSSH and PAM
  - From: "Michael A. Dietz" <mad099@dietznet.net>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index] []