openssh bugs - Aug 2005 - [Bug 511] PublickKeyAuthentication failures when account password expires

http://bugzilla.mindrot.org/show_bug.cgi?id=511


Ulrich.Windl at rz.uni-regensburg.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CLOSED                      |REOPENED
         Resolution|INVALID                     |




------- Additional Comments From Ulrich.Windl at rz.uni-regensburg.de 
2005-08-18 18:37 -------
I think (despite of what Solaris is doing with cron jobs) that a user and an
authentication method is different. So when a password has expired, the user
should use a different password before successfully logging in via password
authentication. But how does that affect public key authentication? Public key
authentication should have its own mechanism of validity checking. I see no
sense to forbid public key authentication if the password authentication is
restricted (password must be changed). Note that having to change the password
does not mean the account is disabled or something like that. It just means you
should use a different password to authenticate. I think it's perfectly
legal to
set the encrypted password to an impossible value (thus disabling password
logins) while still being able to log in via public key IMHO.
To summarize: reopen bug for OpenSSH 3.9 (HP-UX Secure Shell-A.03.91.002).



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.