
Re: For those who care about pam-ssh: RFC



2008/12/6 Allan Wind <allan_wind@lifeintegrity.com>:
> On 2008-12-03T23:19:52, Jens Peter Secher wrote:
>>   * No SSH passphrase will be asked if the user has no SSH keys.
>
> Is the idea to make the module optional if there is no private key?  It
> would be fine if the module is configured as optional (and perhaps
> sufficient?), but if the module is required then it leaks if the key
> exists and possibly if the user exists or not.
>

I have changed the behaviour so that: if the user has no keys, then it
results in an immediate failure only when the try_first_pass option is
used.

Also, if the user does not exist, then an SSH passphrase is asked
anyway, which should fix the information leak.

The package version is libpam-ssh_1.92-3 in experimental.  I have
tested it extensively, but there is an awful number of ways to use the
module, so I might have missed something.  Please help me and give it
some real-life testing. :-)

Thanks in advance,
-- 
                                                    Jens Peter Secher.
_DD6A 05B0 174E BFB2 D4D9 B52E 0EE5 978A FE63 E8A1 jpsecher gmail com_.
A. Because it breaks the logical sequence of discussion.
Q. Why is top posting bad?

