On Thu, 11 Dec 2008 09:11:26 +0100
Mel <[EMAIL PROTECTED]> wrote:

>On Thursday 11 December 2008 08:10:09 Dan Mahoney, System Admin wrote:
>> Given, there's several solutions to this:
>> 1) The Kluge as above.
>> 2) A pam module to check /etc/group (this is standard login
>> behavior, and historically supported, and available on other
>> platforms, adding a module, even to ports, is trivial.
>> 3) A patch to openssh to do /etc/shells checking (I'll note that
>> openSSH has the "UseLogin" option, which may also do this.
>> 4) An option to pam_unix to check this.  Differs from #2 in that
>> it's a change to an existing module instead of one in ports.
>5) Use AllowGroups/AllowUsers and/or their Deny equivalent in
>6) Disable password based logins and use keys only.

Personally, I have always used 'keys' instead of passwords. Given
enough time and resources, any password can be cracked. I really do not
understand why so many users insist on using passwords anyway.


A sadist is a masochist who follows the Golden Rule.

Attachment: signature.asc
Description: PGP signature

Reply via email to