[PATCH] Password expiry with Privsep and PAM
Kevin Steves
stevesk at pobox.com
Thu Jan 2 13:51:26 EST 2003
On Tue, Dec 10, 2002 at 11:11:01AM -0600, Ben Lindstrom wrote:
> I know Darren wrote one to use /bin/passwd but after we both looked at it
> we pretty much decided it was not something we wanted to handle, but the
> more I think about this.. the more I'm starting to agree with Markus. No
> matter the additional risks of changing passwords after the tty for v1 and
> v2 has been open it should be done that way. This is just getting way too
> complex to even manage in my head.
yes, i agree. if we can implement password change after
authentication securely, then i think we can change the spec.
complexity is the issue, we can ignore a MUST for now if it weighs on
the side of security.