Re: For those who care about pam-ssh: RFC
2008/12/15 Luca Niccoli <lultimouomo@gmail.com>:
> If I type a non-existent user name, I'm asked the SSH password anyway...
That is intentional to make it harder to tell the difference between
which users exist and which do not.
> My /etc/pam.d/gdm
>
> #%PAM-1.0
> auth requisite pam_nologin.so
> auth required pam_env.so readenv=1
> auth required pam_env.so readenv=1 envfile=/etc/default/locale
> auth sufficient pam_ssh.so try_first_pass
> @include common-auth
Using option 'try_first_pass' does not make any difference when no
previous module has asked for a password.
> auth optional pam_gnome_keyring.so
Ahh, Gnome Keyring.
Sorry that I did not make this clear. All the development and testing
I have done is on a simple system without any other keyring or agent
stuff, and only through /etc/pam.d/login to make sure the basics are
working. If you find something that is not working in such a basic
environment, you should try to add the 'debug' option to pam_ssh and
watch /var/log/auth.log.
I have not yet dived into Gnome Keyring but I will when I am sure that
the basics are up and running.
Cheers,
--
Jens Peter Secher.
_DD6A 05B0 174E BFB2 D4D9 B52E 0EE5 978A FE63 E8A1 jpsecher gmail com_.
A. Because it breaks the logical sequence of discussion.
Q. Why is top posting bad?
Reply to: