
Re: For those who care about pam-ssh: RFC



2008/12/15 Luca Niccoli <lultimouomo@gmail.com>:

> If I type a non-existent user name, I'm asked the SSH password anyway...

That is intentional to make it harder to tell the difference between
which users exist and which do not.

> My /etc/pam.d/gdm
>
> #%PAM-1.0
> auth    requisite       pam_nologin.so
> auth    required        pam_env.so readenv=1
> auth    required        pam_env.so readenv=1 envfile=/etc/default/locale
> auth sufficient pam_ssh.so try_first_pass
> @include common-auth

Using option 'try_first_pass' does not make any difference when no
previous module has asked for a password.

> auth    optional        pam_gnome_keyring.so

Ahh, Gnome Keyring.

Sorry that I did not make this clear.  All the development and testing
I have done is on a simple system without any other keyring or agent
stuff, and only through /etc/pam.d/login to make sure the basics are
working.  If you find something that is not working in such a basic
environment, you should try to add the 'debug' option to pam_ssh and
watch /var/log/auth.log.

I have not yet dived into Gnome Keyring but I will when I am sure that
the basics are up and running.


Cheers,
-- 
                                                    Jens Peter Secher.
_DD6A 05B0 174E BFB2 D4D9 B52E 0EE5 978A FE63 E8A1 jpsecher gmail com_.
A. Because it breaks the logical sequence of discussion.
Q. Why is top posting bad?

