Re: For those who care about pam-ssh: RFC
2008/12/6 Allan Wind <allan_wind@lifeintegrity.com>:
> On 2008-12-03T23:19:52, Jens Peter Secher wrote:
>> * No SSH passphrase will be asked if the user has no SSH keys.
>
> Is the idea to make the module optional if there is no private key? It
> would be fine if the module is configured as optional (and perhaps
> sufficient?), but if the module is required then it leaks if the key
> exists and possibly if the user exists or not.
>
I have changed the behaviour so that: if the user has no keys, then it
results in an immediate failure only when the try_first_pass option is
used.

Also, if the user does not exist, then an SSH passphrase is asked
anyway, which should fix the information leak.

The package version is libpam-ssh_1.92-3 in experimental. I have
tested it extensively, but there is an awful number of ways to use the
module, so I might have missed something. Please help me and give it
some real-life testing. :-)

Thanks in advance,
--
Jens Peter Secher.
_DD6A 05B0 174E BFB2 D4D9 B52E 0EE5 978A FE63 E8A1 jpsecher gmail com_.
A. Because it breaks the logical sequence of discussion.
Q. Why is top posting bad?