On Wed, 23 Aug 2006, Stephen Shirley wrote:
> My MUA works just fine. I had manually trimmed the reply addresses as
> i thought they were just the usual reply-all accumulated cruft.
Apologies.
> Hum. Ok, upon re-reading it and another one of your replies, it
> seems you are advocating using normal passwords rather than ssh
> keys + passphrases.
Unless you have faith in the competence of your users, correct.
If you do have such faith in your users, ssh keys are rather useful.
The policy thing was specifically about pass-phrase policy -> you
can't apply any to users and their ssh keys. (You can with local
passwords).
> Isn't that trading the chances of a user screwing up against those
> of a dictionary attack being successful though?
Yes. However at least you have control over your fate, your server
can apply its own "dictionary attack" on users when they change their
password. All modern Linux distributions and Unix OSes which I have
used do this.
regards,
--
Paul Jakma paul at clubi.iepaul at jakma.org Key ID: 64A2FF6A
Fortune:
Q: How many supply-siders does it take to change a light bulb?
A: None. The darkness will cause the light bulb to change by itself.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
