
Re: For those who care about pam-ssh: RFC



On Wed, Dec 03, 2008 at 11:19:52PM +0100, Jens Peter Secher wrote:

>   * The 'keyfiles' option is now obsolete.  Instead the authentication
>     module will automatically locate all files matching the pattern 'id_*'
>     (the idea for this came from a patch from Javier Serrano Polo).

That doesn't sound like a good idea to me.  What if a user has extra ssh
keys lying around that multiple people have the passphrase to, which prior
to this change would have been perfectly safe?

Also, why is the pattern id_*?  ssh also recognizes 'identity' by default. 
Shouldn't this really use the same pattern as ssh itself, i.e.,
(identity|id_dsa|id_rsa)?

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org
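
An added example, not part of the original message and not pam-ssh code: a small audit that lists which private keys in a directory are selected by the 'id_*' pattern but not by the fixed names (identity|id_dsa|id_rsa), and the reverse. The sample file names and placeholder contents are constructed, and the first-line check for a private key is an assumed heuristic.

```python
import fnmatch
import os
import tempfile

GLOB_PATTERN = "id_*"                              # pattern from the quoted changelog
SSH_DEFAULTS = {"identity", "id_dsa", "id_rsa"}    # names listed in the reply

def looks_like_private_key(path):
    """Heuristic (assumption): PEM and SSH1 private keys carry 'PRIVATE KEY' in line 1."""
    with open(path, "rb") as fh:
        return b"PRIVATE KEY" in fh.readline(128)

def compare_patterns(ssh_dir):
    """Report private keys the two selection rules disagree on."""
    extra, missed = [], []
    for name in sorted(os.listdir(ssh_dir)):
        path = os.path.join(ssh_dir, name)
        if not os.path.isfile(path) or not looks_like_private_key(path):
            continue
        by_glob = fnmatch.fnmatchcase(name, GLOB_PATTERN)
        by_default = name in SSH_DEFAULTS
        if by_glob and not by_default:
            extra.append(name)      # becomes a login credential only under id_*
        elif by_default and not by_glob:
            missed.append(name)     # fixed-list name that id_* never picks up
    return {"extra_by_glob": extra, "missed_by_glob": missed}

def make_sample_dir():
    """Build a constructed ~/.ssh look-alike; contents are placeholders, not keys."""
    d = tempfile.mkdtemp(prefix="ssh-audit-")
    samples = {
        "id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nplaceholder\n",
        "id_rsa.pub": "ssh-rsa PLACEHOLDER user@example\n",
        "id_shared_deploy": "-----BEGIN DSA PRIVATE KEY-----\nplaceholder\n",
        "identity": "SSH PRIVATE KEY FILE FORMAT 1.1\nplaceholder\n",
        "known_hosts": "host.example ssh-rsa PLACEHOLDER\n",
    }
    for name, body in samples.items():
        with open(os.path.join(d, name), "w") as fh:
            fh.write(body)
    return d

if __name__ == "__main__":
    print(compare_patterns(make_sample_dir()))
```

Pointing `compare_patterns` at a real `~/.ssh` directory shows which keys would need to be moved or renamed before the glob-based behaviour is enabled.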

