Does a known security issue allow ssh login via system accounts?
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Tue Mar 8 04:50:43 AEDT 2022
> >That's a nice thing about pam_yubico with real Yubikeys:
> >they can be validated against the Yubico cloud API,
> >without any local secrets.
>
> Just to make sure I understand you correctly - a cloud
> service determines whether some access to your server
> is to be granted?
A cloud service *authenticates* the user. It's the job of *other* PAM modules and configuration to decide what to *authorize* this authenticated identity for, including login.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5249 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20220307/9099a6c3/attachment-0001.p7s>
More information about the openssh-unix-dev
mailing list