How about having a background job that just changes the root password regularly to a new random value, encrypts it with some gpg key, and presents the encrypted data as qr on a virtual console? You just read it in via the notebook webcam, use your private key to decrypt it, and enter it - no PAM changes needed at all. You can easily choose the length, validity period and complexity to whatever you want or require; and it won't repeat. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
