Re: Bug#156257: ITP: libpam-ssh -- SSH key authentication and single sign-on via PAM
On Sun, 11 Aug 2002 06:59:29 +0200, Russell Coker <russell@coker.com.au> said:
>
> With such a PAM module installed anyone who can write to your home directory
> can change your password.
The module provides only PAM auth and session components, so they can't
literally change your password. Yes, if they can write to your ~/.ssh
directory they'll be able to authenticate as you for any program which uses
the pam_ssh.so auth scheme, but if they can do that they can already log in
as you (by putting their key into your ~/.ssh directory) and connecting
with SSH.
Of course, installing the module won't turn it on for any PAM clients.
The admin will choose how they want to use it.
--
Roderick Schertler
roderick@argon.org
Reply to: