On Apr 1, 2005, at 12:10 PM, Henrique de Moraes Holschuh wrote:
On Fri, 01 Apr 2005, martin f krafft wrote:also sprach Chris Adams <cadams@salk.edu> [2005.04.01.2143 +0200]:you somewhat from casual attacks against weak passwords: if I obtain a copy of a user's password a public-key-only policy means that I still need some sort of privileged access to their home directory to exploit it... and you need a passphrase to decode the key -- or at least you *should* need one.Better not count on it when dealing with users.
That's what I meant by the two approaches being equal from a policy perspective - you're going to have to audit either way.
Chris
Attachment:
smime.p7s
Description: S/MIME cryptographic signature