[Bug 1904] New: sshd refuses certificate-based authentication if password has expired

bugzilla-daemon at bugzilla.mindrot.org
Thu May 12 05:37:49 EST 2011


https://bugzilla.mindrot.org/show_bug.cgi?id=1904

           Summary: sshd refuses certificate-based authentication if
                    password has expired
           Product: Portable OpenSSH
           Version: 4.3p2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: meta at pobox.com


WARNING: Your password has expired.
Password change required but no TTY available.
rsync: connection unexpectedly closed (0 bytes received so far) [sender]

The problem: No password was being used.

I contend that certificate-based authentication should still be allowed
if the password has expired.

The fact that a password has expired does not mean that the account has
been compromised and that RSA keys should not be trusted; it simply
means that the aged password should not be used any more. Locking out
an authorized key because a password has expired makes about as much
sense to me as locking out every other key in authorized_keys because
one of them is revoked.
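
An added example, not part of the bug report or of OpenSSH: a pre-flight audit that flags key-only accounts whose shadow password has aged out or soon will, the condition behind the failure reported above. The sample shadow lines, the account set, the 14-day horizon and the rule "expired once lastchg + max is earlier than today" are assumptions; PAM or other account back ends may decide differently.

```python
from datetime import date

# Constructed sample in shadow(5) layout:
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
backup:$6$constructed$hash:15000:0:90:7:::
deploy:$6$constructed$hash:15100:0:90:7:::
soon:$6$constructed$hash:15020:0:90:7:::
noaging:$6$constructed$hash:15000:0::7:::
forced:$6$constructed$hash:0:0:90:7:::
alice:$6$constructed$hash:15000:0:90:7:::
"""

# Constructed: accounts that only ever log in with authorized_keys.
KEY_ONLY_ACCOUNTS = {"backup", "deploy", "soon", "noaging", "forced"}

EPOCH = date(1970, 1, 1)


def password_status(line, today):
    """Return (name, status, days_left) for one shadow line."""
    fields = line.split(":")
    name, lastchg, maxage = fields[0], fields[2], fields[4]
    if lastchg == "0":            # 0 means "must change at next login"
        return name, "change-forced", 0
    if not lastchg or not maxage:  # empty field: aging not enforced
        return name, "no-aging", None
    # Assumed rule: expired once lastchg + max lies before today.
    days_left = int(lastchg) + int(maxage) - (today - EPOCH).days
    return name, ("expired" if days_left < 0 else "ok"), days_left


def at_risk(shadow_text, key_only, today, horizon=14):
    """List key-only accounts that are, or soon will be, locked out."""
    findings = []
    for line in shadow_text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, status, days_left = password_status(line, today)
        if name not in key_only:
            continue  # interactive users can change their own password
        if status in ("expired", "change-forced"):
            findings.append((name, status, days_left))
        elif status == "ok" and days_left <= horizon:
            findings.append((name, "expiring-soon", days_left))
    return findings


if __name__ == "__main__":
    for finding in at_risk(SAMPLE_SHADOW, KEY_ONLY_ACCOUNTS, date.today()):
        print(*finding)
```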
