Re: Bug#156257: ITP: libpam-ssh -- SSH key authentication and single sign-on via PAM

To: debian-devel@lists.debian.org
Subject: Re: Bug#156257: ITP: libpam-ssh -- SSH key authentication and single sign-on via PAM
From: Roderick Schertler <roderick@argon.org>
Date: 11 Aug 2002 16:43:39 -0400
Message-id: <[🔎] pzlm7dyvlw.fsf@eeyore.ibcinc.com>
References: <[🔎] E17diLC-0000V6-00@jones.argon.org> <[🔎] pzptwqysjw.fsf@eeyore.ibcinc.com> <[🔎] 20020811045929.88C45850B@lyta.coker.com.au>

On Sun, 11 Aug 2002 06:59:29 +0200, Russell Coker <russell@coker.com.au> said:
>
> With such a PAM module installed anyone who can write to your home directory
> can change your password.

The module provides only PAM auth and session components, so they can't
literally change your password.  Yes, if they can write to your ~/.ssh
directory they'll be able to authenticate as you for any program which uses
the pam_ssh.so auth scheme, but if they can do that they can already log in
as you (by putting their key into your ~/.ssh directory) and connecting
with SSH.

Of course, installing the module won't turn it on for any PAM clients.
The admin will choose how they want to use it.

-- 
Roderick Schertler
roderick@argon.org

Reply to:

References:
- Bug#156257: ITP: libpam-ssh -- <Roderick> I didn't write it, I'm just working on it. It authenticates you by u
  - From: Roderick Schertler <roderick@argon.org>
- Bug#156257: ITP: libpam-ssh -- SSH key authentication and single sign-on via PAM
  - From: Roderick Schertler <roderick@argon.org>
- Re: Bug#156257: ITP: libpam-ssh -- SSH key authentication and single sign-on via PAM
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: Pin and apt
Next by Date: Re: Why db_input ... || true
Previous by thread: Re: Bug#156257: ITP: libpam-ssh -- SSH key authentication and single sign-on via PAM
Next by thread: Re: Bug#156257: ITP: libpam-ssh -- SSH key authentication and single sign-on via PAM
Index(es):
- Date
- Thread