[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#156257: ITP: libpam-ssh -- SSH key authentication and single sign-on via PAM

On Sun, 11 Aug 2002 06:59:29 +0200, Russell Coker <russell@coker.com.au> said:
> With such a PAM module installed anyone who can write to your home directory
> can change your password.

The module provides only PAM auth and session components, so they can't
literally change your password.  Yes, if they can write to your ~/.ssh
directory they'll be able to authenticate as you for any program which uses
the pam_ssh.so auth scheme, but if they can do that they can already log in
as you (by putting their key into your ~/.ssh directory) and connecting
with SSH.

Of course, installing the module won't turn it on for any PAM clients.
The admin will choose how they want to use it.

Roderick Schertler

Reply to: