Usability issue when forced to change password when logging in to a system
Nico Kadel-Garcia
nkadel at gmail.com
Sat Jan 24 13:46:11 AEDT 2015
On Fri, Jan 23, 2015 at 10:50 AM, Peter Stuge <peter at stuge.se> wrote:
> John Olsson M wrote:
>> it looks like OpenSSH does not cache and copy the authentication password
> ..
>> So I am wondering if there is any reason for doing like this?
>
> Data hygiene is one.
Also, in my opinion as more of an admin than a developer, any bug in a
routine that stores psswords temporary in plain text is *begging* to
have a bug or get an unexpected modification that publishes the
passwords somewhere else. Basically, never handle or store dangerous
information that you don't *have* to store.
More information about the openssh-unix-dev
mailing list