[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: OpenSSH and PAM

From: Paul Nicholas Faure <paul engsoc carleton ca>
To: pam-list redhat com
Subject: Re: OpenSSH and PAM
Date: Tue, 12 Sep 2000 21:38:28 -0400 (EDT)

On Tue, 12 Sep 2000, Michael Tokarev wrote:

> Chip Christian wrote:
> > 
> > erbenson@alaska.net said:
> > > scp does not create an interactive session, so it should be possible
> > > for ssh to eschew password change enforcment for non-interactive
> > > sessions.
> > 
> > > this would allow users to avoid it by logging in by ssh host /bin/bash
> > > but if they are that stubborn they will find other ways to get out of
> > > changing their password.
> > 
> > Sure, but it still ought to consume any grace logins the user has left, so
> > once the password expires for good, all logins, passworded or not, should
> > fail.
> 
> Moreover, I think that even scp (and any other non-interactive app) should
> just refuse access if user's password should be changed.  (It must if it is
> expired, as Chip Christian said.)  "Hey, change your password firts using
> some interactive way, and retry afterwards".  Actually, scp _is_ (partially)
> interactive.

I would really like this feature added to OpenSSH. What can I do to help ?

> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
> 

-- 
Paul Faure					paul@paulfaure.com
Carleton University Systems Engineer 3rd Year	paul@porkchop.org
Engsoc Admin/BOG Technical Director		paul@engsoc.org

References:
- Re: OpenSSH and PAM
  - From: Michael Tokarev <mjt@tls.msk.ru>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index] []