"Andrey A. Chernov" <[EMAIL PROTECTED]> writes:
> I understand that. What I say - it must be not in default setup because 
> break normal password auth for ssh.

Only for users who have set up an OPIE password, but explicitly choose
not to use OPIE.

>                                     I.e. I not set any special option in 
> sshd_config to enable OPIE or SKEY, why it is in the way? From sshd 
> configuring point of view OPIE auth must be directly enabled and not 
> turned on indirectly. Admins who already sets up OPIE for other programs 
> will be very confused finding (especially when not finding) that now OPIE 
> is turned on indirectly in ssh without even any config options.

OPIE is already automatically enabled in every relevant FreeBSD
utility, and has been for a long time.  I would consider it a
significant breach of POLA if sshd required additional configuration
to enable OPIE when no other utility in the base system does.

Dag-Erling Smorgrav - [EMAIL PROTECTED]

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to