[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OpenSSH and PAM



On Tue, 12 Sep 2000, Michael Tokarev wrote:

> Chip Christian wrote:
> > 
> > erbenson@alaska.net said:
> > > scp does not create an interactive session, so it should be possible
> > > for ssh to eschew password change enforcment for non-interactive
> > > sessions.
> > 
> > > this would allow users to avoid it by logging in by ssh host /bin/bash
> > > but if they are that stubborn they will find other ways to get out of
> > > changing their password.
> > 
> > Sure, but it still ought to consume any grace logins the user has left, so
> > once the password expires for good, all logins, passworded or not, should
> > fail.
> 
> Moreover, I think that even scp (and any other non-interactive app) should
> just refuse access if user's password should be changed.  (It must if it is
> expired, as Chip Christian said.)  "Hey, change your password firts using
> some interactive way, and retry afterwards".  Actually, scp _is_ (partially)
> interactive.

I would really like this feature added to OpenSSH. What can I do to help ?

> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
> 

-- 
Paul Faure					paul@paulfaure.com
Carleton University Systems Engineer 3rd Year	paul@porkchop.org
Engsoc Admin/BOG Technical Director		paul@engsoc.org





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []