[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: openssh-server's default config is dangerous

> SSH access to userfoo and userbar", I'd like to do "disallow non-GDM
> access for userfoo and userbar".

Let me rephrase that: I'd like to "disallow non-GDM
use of userfoo and userbar's password for login".
E.g. I'd still like to allow non-password logins via SSH for those
users, since the only issue is that those users's password are known to
be weak.

Another approach would be to specify different passwords depending on
the use case.  I.e. specify different passwords (for these specific
users) when login via GDM than via other means.  But that seems to
require more serious changes since I'd want `passwd' and other such
tools to modify the GDM password of those users (so they can change
their weak password without having to worry about (or even know) about
the existence of other passwords to access their account).


        Stefan
Reply to: