bugzilla-daemon at mindrot.org
2005-Aug-18 08:37 UTC
[Bug 511] PublickKeyAuthentication failures when account password expires
http://bugzilla.mindrot.org/show_bug.cgi?id=511 Ulrich.Windl at rz.uni-regensburg.de changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |REOPENED Resolution|INVALID | ------- Additional Comments From Ulrich.Windl at rz.uni-regensburg.de 2005-08-18 18:37 ------- I think (despite of what Solaris is doing with cron jobs) that a user and an authentication method is different. So when a password has expired, the user should use a different password before successfully logging in via password authentication. But how does that affect public key authentication? Public key authentication should have its own mechanism of validity checking. I see no sense to forbid public key authentication if the password authentication is restricted (password must be changed). Note that having to change the password does not mean the account is disabled or something like that. It just means you should use a different password to authenticate. I think it's perfectly legal to set the encrypted password to an impossible value (thus disabling password logins) while still being able to log in via public key IMHO. To summarize: reopen bug for OpenSSH 3.9 (HP-UX Secure Shell-A.03.91.002). ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.