Date: Sun, 14 Jan 2001 01:46:08 -0600 (CST)
From: Frank Tobin <ftobin@uiuc.edu>
To: <opentrax@email.com>
Cc: <genisis@istar.ca>, <security@FreeBSD.ORG>
Subject: Re: opinions on password policies
Message-ID: <Pine.BSF.4.31.0101140141480.41470-100000@palanthas.neverending.org>
In-Reply-To: <200101140733.XAA00644@spammie.svbug.com>
opentrax@email.com, at 23:33 -0800 on Sat, 13 Jan 2001, wrote:

> This is not a good policy. For small infrastructures (5-100 users),
> PKA might be acceptable. However, this is useful only if ALL users
> login remotely. Even then, PKA, such as used in SSH, has
> management problems.

I'll agree that a lot is dependent on the context of the authentication
(something which was not elaborated on). However, if it is a system where
each user has their own (single-user, closed) workstation, along with there
existing network-wide servers used, a good policy might be to mandate
public-key authentication on the network-wide servers, while not caring
about the security policy each user puts on his own machine.
If there is secure computational power at the hands of the user, then PKA
is definitely a good way to go.
--
Frank Tobin http://www.uiuc.edu/~ftobin/
