|
|
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
On Fri, Jun 27, 2008 at 12:06:33PM -0700, wc wong wrote:
> I tried "PermitEmptyPasswords no" and the failure count did not
> increase. Unfortunately, our server has to use "PermitEmptyPasswords
> yes" for some user access. Hence we need to find another solution
> to inform the OS of the success of the pubkey authentication so
> that the failure count will be reset for a successful pubkey
> authentication. It would be great if this solution can be implemented
> in OpenSSH.
Unfortunately I don't think that's possible with the existing PAM APIs.
The only other possible solutions I can think of:
* The nullok option which someone mentioned to me in private mail. I think
this is specific to LinuxPAM, though.
* If you can do without it, don't enable PAM support in sshd.
* If your module can be made to work that way, have it clear the failed
login count in the "session" stack.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
[Home] [Fedora Users] [Fedora Legacy] [Fedora Desktop] [Fedora Bible] [Big List of Linux Books] [Yosemite Photos] [Yosemite News] [Yosemite Campsites] [KDE Users] [Gnome Users]
|
|