Hi,
On Samstag, 20. März 2010, Petter Reinholdtsen wrote:
> Should it stay on our radar, or should we drop it from our radar?
... see below :)
> > and if it needs configuration anyway. It's only an apt-get call away
> > anyway :)
> libpam-ssh do not need configuraiton. It simply kick into action for
> users with ssh keys present. :)
What does it do? From the description I dont get it:
Description: enable SSO behavior for ssh and pam
This PAM module provides single sign-on behavior for UNIX using SSH.
Users are authenticated by decrypting their SSH private keys with the
password provided (probably to XDM). In the PAM session phase, an
ssh-agent process is started and keys are added.
"Users are authenticated by decrypting their SSH private keys with the
password provided (probably to XDM)." - what???
I believe the description suffers from buzzword overdose ("single sign on"
sounds fancy, but is actually something else/more than this), bad english (I
guess it shall read "On authentication, existing ssh private keys are
unlocked with the password supplied to login and added to ssh-agent" or such)
and in-accurancy ("_probably_ to XDM" - it should list which DMs are
supported for real.)
(Does my reading of the description sound correct? If so, I will file a
bugreport with suggestions for better wordings...)
Also I think such a pam module is bad idea as it is a bad idea, to use the
login password to protect ssh keys with.
IMO we dont loose anything if we drop it from our radar.
cheers,
Holger
Attachment:
signature.asc
Description: This is a digitally signed message part.