[Bug 511] PublickKeyAuthentication failures when account password expires

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Aug 18 18:37:49 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=511


Ulrich.Windl at rz.uni-regensburg.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CLOSED                      |REOPENED
         Resolution|INVALID                     |




------- Additional Comments From Ulrich.Windl at rz.uni-regensburg.de  2005-08-18 18:37 -------
I think (despite of what Solaris is doing with cron jobs) that a user and an
authentication method is different. So when a password has expired, the user
should use a different password before successfully logging in via password
authentication. But how does that affect public key authentication? Public key
authentication should have its own mechanism of validity checking. I see no
sense to forbid public key authentication if the password authentication is
restricted (password must be changed). Note that having to change the password
does not mean the account is disabled or something like that. It just means you
should use a different password to authenticate. I think it's perfectly legal to
set the encrypted password to an impossible value (thus disabling password
logins) while still being able to log in via public key IMHO.
To summarize: reopen bug for OpenSSH 3.9 (HP-UX Secure Shell-A.03.91.002).



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list