3.8p1 password expiry, Solaris 8
Darren Tucker
dtucker at zip.com.au
Fri Mar 19 11:47:15 EST 2004
Kevin Mack wrote:
> On Fri, Mar 19, 2004 at 11:12:58AM +1100, Darren Tucker wrote:
>>Do you need password expiry for non-password authentications?
>
> Umm, strictly speaking, no. We use both public-key and password
> authentications and find it more convenient to have password
> expiry on all accounts, and easier to lock them with 'passwd -l'.
Since about 3.7p1, sshd will honour "passwd -l" locking of accounts for
any auth method as long as UsePAM=no. (When UsePAM=yes, those checks
are delegated to PAM, and I believe its behaviour depends on which
Solaris patches you have installed).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
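As an added example (not part of the original post, and not OpenSSH's own code), this audit script reports for each locked account whether the lock is checked by sshd itself or delegated to PAM, following the rule described in the message above. The function names, the sample files, and the use of the Solaris `*LK*` shadow marker as the lock test are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Effective UsePAM value from an sshd_config file: the first occurrence
# wins, the keyword is case-insensitive, "UsePAM=no" and "UsePAM no" are
# both accepted, and the default when unset is "no".
effective_usepam() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }
        { split(line, f, /[ \t=]+/) }
        tolower(f[1]) == "usepam" { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "no" }
    ' "$1"
}

# Accounts whose shadow password field starts with "*LK*"
# (assumption: the marker written by Solaris "passwd -l").
locked_accounts() {
    awk -F: 'index($2, "*LK*") == 1 { print $1 }' "$1"
}

# $1 = sshd_config path, $2 = shadow path
lock_report() {
    mode=$(effective_usepam "$1")
    for user in $(locked_accounts "$2"); do
        if [ "$mode" = "yes" ]; then
            echo "$user: locked; check delegated to PAM"
        else
            echo "$user: locked; sshd rejects every auth method"
        fi
    done
}

# Demo on constructed files (no real accounts or hashes).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sshd_config' 'Port 22' 'UsePAM=no' \
        > "$dir/sshd_config"
    printf '%s\n' 'alice:CONSTRUCTEDHASH:12000::::::' 'bob:*LK*:12000::::::' \
        > "$dir/shadow"
    lock_report "$dir/sshd_config" "$dir/shadow"
    rm -rf "$dir"
}
demo
```

On a real host, run `lock_report` as root against the live `sshd_config` and `/etc/shadow`; any account reported as delegated to PAM needs its PAM account stack checked separately.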