Subject: Re: /etc/login.conf
To: None <tech-userlevel@netbsd.org (NetBSD Userlevel Technical Discussion>
From: Michael C. Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-userlevel
Date: 12/13/1999 20:13:35
>>>>> "Greg" == Greg A Woods <woods@most.weird.com> writes:
    Greg> Perhaps my bull-headed campaign to outlaw passwords in the clear,
    Greg> even for mailbox access, has clouded my reasoning!  ;-)

  yes, that would be nice.

    Greg> My personal opinion on the example you give above is that such a
    Greg> user should not be allowed access to a secured system under any
    Greg> class!  ;-) However I can see a rock and a hard place coming
    Greg> together very quickly there....

  The system in question is already on a separate NIC of a firewall (but
still behind). It is intended to be the "exposed" system.

    Greg> Also, what about an anonymous SSH account that forced the execution
    Greg> of one and only one program?  I've been able to do this with a
 
  Been there, done that. So what? Doesn't interface to Eudora.
  *I* pick up all my email via a modified "inc" which popen()s an SSH
connection to "spopd". Works great, since as you point out, I have a shell
that can do that. One problem, for instance, with people who have a POP 
account, and can do dialup access (with a shell+elm, directly connected
modem), such as, e.g., my sister, office manager, mom, etc. is that some
of them need to have FTP access to update their web pages. Suddenly, they
can make a .ssh/authorized_keys file!

   :!mcr!:            |  Cow#1: Are you worried about getting Mad Cow Disease?
   Michael Richardson |  Cow#2: No. I'm a duck.
 Home: mcr@sandelman.ottawa.on.ca. PGP key available.
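
The last point in the message above (an account with FTP write access to its own home directory can create a `.ssh/authorized_keys` file) is something an administrator can audit for. The script below is an added example, not part of the original post; the `audit_keys` function, the list of restricted account names passed to it, and the sample accounts are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report SSH key files in the home directories of accounts
# that are only supposed to have mail/FTP access.
#
# audit_keys PASSWD_FILE ROOT USER...
#   PASSWD_FILE  passwd(5)-format file (name:pw:uid:gid:gecos:home:shell)
#   ROOT         prefix for home directories ("" on a live system)
#   USER...      accounts that must not log in over SSH (assumed site list)
# Prints one "user<TAB>path" line per key file found.
audit_keys() {
    passwd_file=$1; root=$2; shift 2
    while IFS=: read -r user _pw _uid _gid _gecos home _shell; do
        listed=no
        for u in "$@"; do
            if [ "$user" = "$u" ]; then listed=yes; fi
        done
        [ "$listed" = yes ] || continue
        # By default SSH accepts keys from these per-user files; FTP write
        # access to the home directory is enough to create them.
        for f in authorized_keys authorized_keys2; do
            path=$root$home/.ssh/$f
            if [ -e "$path" ] || [ -L "$path" ]; then
                printf '%s\t%s\n' "$user" "$path"
            fi
        done
    done < "$passwd_file"
    return 0
}

# Constructed sample data: alice and bob are mail/FTP-only, carol has a shell.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/alice/.ssh" "$t/home/bob" "$t/home/carol/.ssh"
    : > "$t/home/alice/.ssh/authorized_keys"   # uploaded by a restricted user
    : > "$t/home/carol/.ssh/authorized_keys"   # expected: carol may use SSH
    cat > "$t/passwd" <<'EOF'
alice:*:1001:100:Mail and FTP only:/home/alice:/bin/sh
bob:*:1002:100:Mail and FTP only:/home/bob:/bin/sh
carol:*:1003:100:Shell user:/home/carol:/bin/sh
EOF
    audit_keys "$t/passwd" "$t" alice bob
    rm -rf "$t"
}
demo
```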