Leif Blixt wrote: > Hi! > > We have just figured out a different approach, and will discuss our new idea > with our QSA tomorrow. The idea is to completely turn of the possibility to > log in with passwords, and to use SSH key pairs with long and good > passphrases instead. It will lead to more work with administrating accounts > and there is a small problem on how to distribute the public key to all > servers, but we don't have to set up a RADIUS server just yet! > > I will let you know what the response from our QSA is. > > /Leif
Can you do that? I think local logon would still be an issue, at least the way I read it. Anyone in front of the machine at a console would be subject to the requirements. Brad
