bugzilla-daemon at bugzilla.mindrot.org
2008-May-31 09:43 UTC
[Bug 1474] New: Password authentication should be configurable per-user
https://bugzilla.mindrot.org/show_bug.cgi?id=1474
Summary: Password authentication should be configurable
per-user
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.0p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: andrew-bugzilla.mindrot.org at pileofstuff.org
The PasswordAuthentication option in sshd_config should have the
following extra values:
* default-yes
Allow password logins for users that don't have a
.ssh/disallow-passwords file
* default-no
Disallow password logins for users that don't have a
.ssh/allow-passwords file
This would let users choose whether to allow passwords for their
account, and would allow administrators to choose the default
behaviour.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2009-Aug-28 09:11 UTC
[Bug 1474] Password authentication should be configurable per-user
https://bugzilla.mindrot.org/show_bug.cgi?id=1474
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
--- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2009-08-28
19:11:36 EST ---
You (ie the administrator) can use a Match block in sshd_config to
configure PasswordAuthentication per user, eg:
PasswordAuthentication yes
Match User fred
PasswordAuthentication no
see sshd_config(5) for more information.
This doesn't let users control their authentication methods but I'm not
sure that's a good idea anyway.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
Reasonably Related Threads
- [Bug 1266] incompatibility between s/key and keys Autentification
- Selective blocking of password authentication
- [Bug 3736] New: sshd falls back to password prompt after PAM module returns a PAM_MAXTRIES.
- [Bug 1180] Add finer-grained controls to sshd
- [Bug 843] sshd_config.5: add warning to PasswordAuthentication