On Tue, Sep 04, 2007 at 02:50:25PM -0600, Dwayne C. Litzenberger wrote:
> How about a Debian policy that enumerates the specific cases where
> passwords are allowed to be used for authentication, and states that
> password authentication must be disabled by default for everything else?
>
> If you design the system so that it doesn't trust passwords much to begin
> with, you don't have to care about how strong the passwords are.

Because not everyone has the luxury of always working from a place where keys can be effectively managed and used. Personally, *none* of my systems allow password logins from the network. However, that needs to be a decision for the individual admin.

Think about it. Someone sets up a box and then heads over to a friend's house. He wants to SCP some stuff over. No password authentication? Oops. Too bad. I don't think that will work without driving away users.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com