[Bug 165919] Review Request: pam_ssh Pluggable Authentication Module for ssh
bugzilla at redhat.com
bugzilla at redhat.com
Mon Aug 15 21:51:17 UTC 2005
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: pam_ssh Pluggable Authentication Module for ssh
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165919
------- Additional Comments From pertusus at free.fr 2005-08-15 17:51 EST -------
Dmitry,
I'll use the last Summary you proposed.
Regarding the use of pam_ssh related ssh-agent information I didn't said that
users sould use the information setup by pam_ssh. But the same user login with
or without pam_ssh should be able to use that information.
Imagine that your setup is used on the computer zeus, your login is dumas.
pam_ssh is used for pam.d/login and pam.d/gdm but not for pam.d/sshd. There is
an ssh server running on zeus. You login at zeus gdm, this starts an ssh-agent.
Now you walk to another room and login with ssh to zeus. If you can read the
information setup by pam_ssh, like
eval `cat /var/run/pam_ssh/dumas`, you will use the agent.
It doesn't means that other user need have access to your pam_ssh information
but you need to have that access.
It is possible if file is
-r--r--r-- root user
Or if file is
-r-------- user user
In that case the user may modify the file content (but not remove it).
If you think that this sis a usefull feature, please implement the one
you prefer in your patch, otherwise I could do it too.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the fedora-extras-list
mailing list