On Mar 4, 3:35 am, toneeeda...@googlemail.com wrote: > On Fri, Mar 4, 2011 at 12:11 AM, Ben Hughes <b...@puppetlabs.com> wrote: > > On Thu, Mar 03, 2011 at 09:09:59AM -0800, toneee wrote: > > > > I have a small problem, I am creating users with ssh keys and this is > > > working fine, the only problem I have is because i dont set a password > > > and only use sshkeys to login the account created is locked. Is there > > > any way around this? > > > What OS/distribution is this on. That combination should work fine. > > Hi Im running on centos 5.5, with the latest puppet from the epel repos. if > i manually unlock the account i can login fine with ssh keys, so i was > wondering if its to do with creating a user without a password?
No doubt it is. I wouldn't fault any distribution for locking accounts w/o passwords by default. I'm curious: how do you prevent users from logging in using the standard mechanism? Or once they are logged in, how do you prevent them from using su to assume other password-less users' identities? I don't currently use the mechanism, but I didn't think sshkey logins required the target user to be password-less. Am I mistaken? Otherwise, wouldn't it be better to generate random passwords for your users? If they are intended to log in only via the ssh key mechanism, then you would not need to communicate those passwords. Alternatively, creating all accounts with some standard password or password pattern is no less secure than creating them without any password at all. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
