Date: Sun, 15 Jun 1997 10:07:26 +0200 From: j@uriah.heep.sax.de (J Wunsch) To: kmitch@weenix.guru.org (Keith Mitchell) Cc: torstenb@freebsd.org, peter@freebsd.org, ports@freebsd.org Subject: Re: SSH port patch Message-ID: <19970615100726.SU20118@uriah.heep.sax.de> In-Reply-To: <199706091651.MAA11106@weenix.guru.org>; from Keith Mitchell on Jun 4, 1997 13:36:36 -0400 References: <199706091651.MAA11106@weenix.guru.org>
next in thread | previous in thread | raw e-mail | index | archive | help
As Keith Mitchell wrote: > The current port of ssh does not take into account expired passwords > or expired accounts and will therefore still let people in if their > account expires. The following patch fixes that as well as flagging "*" as > a locked password along with "*LK*". I seriously object against the latter! All my FreeBSD accounts do have a "*" Unix password, since i never use Unix passwords on them, but exclusively rely on ssh or S/Key. Your proposal would prevent me from logging in. IMO, "*" means ``No Unix passwords allowed'', not ``Account is locked''. (I know that there are more accounts being prepared this way on FreeBSD.) It should obey expiration however, in particular account expiration. (Obeying password expiration is questionable if passwords aren't being used to log in.) Should your changes only apply to the case where passwords are in effect, the above is moot, of course. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970615100726.SU20118>