Re: For those who care about pam-ssh: RFC
On Wed, Dec 03, 2008 at 11:19:52PM +0100, Jens Peter Secher wrote:
> * The 'keyfiles' option is now obsolete. Instead the authentication
> module will automatically locate all files matching the pattern 'id_*'
> (the idea for this came from a patch from Javier Serrano Polo).
That doesn't sound like a good idea to me. What if a user has extra ssh
keys lying around that multiple people have the passphrase to, which prior
to this change would have been perfectly safe?
Also, why is the pattern id_*? ssh also recognizes 'identity' by default.
Shouldn't this really use the same pattern as ssh itself, i.e.,
(identity|id_dsa|id_rsa)?
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org
Reply to: