[Bug 1904] New: sshd refuses certificate-based authentication if password has expired
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Thu May 12 05:37:49 EST 2011
https://bugzilla.mindrot.org/show_bug.cgi?id=1904
Summary: sshd refuses certificate-based authentication if
password has expired
Product: Portable OpenSSH
Version: 4.3p2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: meta at pobox.com
WARNING: Your password has expired.
Password change required but no TTY available.
rsync: connection unexpectedly closed (0 bytes received so far)
[sender]
The problem: No password was being used.
I contend that certificate-based authentication should still be allowed
if the password has expired.
The fact that a password has expired does not mean that the account has
been compromised and that RSA keys should not be trusted; it simply
means that the aged password should not be used any more. Locking out
an authorized key because a password has expired makes about as much
sense to me as locking out every other key in authorized_keys because
one of them is revoked.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list