"Andrey A. Chernov" <[EMAIL PROTECTED]> writes:
> I understand that. What I say - it must be not in default setup because
> break normal password auth for ssh.
Only for users who have set up an OPIE password, but explicitly choose
not to use OPIE.
> I.e. I not set any special option in
> sshd_config to enable OPIE or SKEY, why it is in the way? From sshd
> configuring point of view OPIE auth must be directly enabled and not
> turned on indirectly. Admins who already sets up OPIE for other programs
> will be very confused finding (especially when not finding) that now OPIE
> is turned on indirectly in ssh without even any config options.
OPIE is already automatically enabled in every relevant FreeBSD
utility, and has been for a long time. I would consider it a
significant breach of POLA if sshd required additional configuration
to enable OPIE when no other utility in the base system does.
Dag-Erling Smorgrav - [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message