[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: For those who care about pam-ssh: RFC

2008/12/15 Luca Niccoli <lultimouomo@gmail.com>:

> If I type a non-existent user name, I'm asked the SSH password anyway...

That is intentional to make it harder to tell the difference between
which users exist and which do not.

> My /etc/pam.d/gdm
>  #%PAM-1.0
> auth    requisite       pam_nologin.so
> auth    required        pam_env.so readenv=1
> auth    required        pam_env.so readenv=1 envfile=/etc/default/locale
> auth sufficient pam_ssh.so try_first_pass
> @include common-auth

Using option 'try_first_pass' does not make any difference when no
previous module has asked for a password.

> auth    optional        pam_gnome_keyring.so

Ahh, Gnome Keyring.

Sorry that I did not make this clear.  All the development and testing
I have done is on a simple system without any other keyring or agent
stuff, and only through /etc/pam.d/login to make sure the basics are
working.  If you find something that is not working in such a basic
environment, you should try to add the 'debug' option to pam_ssh and
watch /var/log/auth.log.

I have not yet dived into Gnome Keyring but I will when I am sure that
the basics are up and running.

                                                    Jens Peter Secher.
_DD6A 05B0 174E BFB2 D4D9 B52E 0EE5 978A FE63 E8A1 jpsecher gmail com_.
A. Because it breaks the logical sequence of discussion.
Q. Why is top posting bad?

Reply to: