On 27/08/15 21:18, Ted Unangst wrote:
Renaud Allard wrote:
I understand the difference, but we are opposed to adding new options unless a
majority of users are expected to use them.

OK, I can understand. However, it doesn't do anything normal auth can't do, except giving the user a choice instead of it being imposed by login.conf.


- My patch with the option lets the user choose. The example would be a
server with an encrypted home directory. When everything is working
correctly, the user can log in with, for example, an ssh key and then use
doas with a (non-yubi) password. But if the server has crashed for
whatever reason and /home is not mounted, the only way to log in would be
with the yubikey because the ssh key is not available and remote login
with normal passwords is disabled. The option replicates how sudo was
working.

Something about this doesn't make sense. If you can't log in because your ssh
key is gone, there's nothing doas will help you with.


You can still log in (and use doas) with the yubikey, as yubi OTP is still enabled, but login with classic password auth (and ssh key) will fail. However, when everything is normal, you are able to use the classic password with "doas -a passwd" without being forced to use the yubikey.
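The setup described above, written out as a login.conf(5) fragment. This is an added illustration, not part of the original message or of the doas patch; the class name "staff" and the ordering of the styles are assumptions.

```conf
# /etc/login.conf excerpt (illustrative; class name and ordering assumed).
# "auth" is the default style list, used by any service that has no
# auth-<service> entry of its own: only the YubiKey OTP style is offered,
# so a plain password is not accepted for remote login.
# "auth-doas" is consulted by doas(1): yubikey comes first, so it is what
# doas asks for when no style is named, but passwd stays permitted, so
# "doas -a passwd" works whenever the user prefers it.
staff:\
	:auth=yubikey:\
	:auth-doas=yubikey,passwd:\
	:tc=default:
```

A style given with "doas -a" must appear in the applicable list; if it is absent, doas refuses rather than falling back, so the login.conf entry still bounds what a user can pick.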
