Subject: pam_ssh for users w/o private keys
To: None <current-users@NetBSD.org>
From: Julio M. Merino Vidal <firstname.lastname@example.org>
Date: 06/22/2005 23:47:17

I've enabled pam_ssh in /etc/pam.d/display_manager, so that I can log in
from gdm using my key's passphrase (and get an agent started).

Everything is fine for my regular user, but it's not for others that
don't have a private key in their home directory (i.e., root).

I mean, if I try to log in as root, gdm asks me for the ssh passphrase
(something that shouldn't happen, as I see it). At that point, I hit
enter, hoping that it would proceed with the next authentication module,
pam_unix, asking me the regular password. But it does not. It just
reports a login error.

AFAICS in the documentation, setting pam_ssh as sufficient (which is the
default in the example display_manager file) should cause failures in
this module to fall back to other modules in the chain (pam_unix).

(I don't think this is a gdm-specific bug since the same thing works
fine under Linux, using whatever PAM implementation it has.)

Am I wrong in my expectations? Or is there a problem somewhere?

Julio M. Merino Vidal <email@example.com>
The NetBSD Project - http://www.NetBSD.org/
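
The control-flag behaviour the message refers to, as an added example that is not part of the original post and is not NetBSD or OpenPAM code: a simplified Python model of how an auth chain is walked under the four classic control flags. The two-entry stack mirrors the setup described above; the function names, the module outcomes and the deny-when-nothing-succeeded rule are assumptions of the model.

```python
# Simplified model of how a PAM auth chain is evaluated under the four
# classic control flags. Illustration only: module names mirror the post,
# module outcomes are constructed.
SUCCESS, AUTH_ERR = "PAM_SUCCESS", "PAM_AUTH_ERR"

def run_chain(chain, outcomes):
    """chain: [(control_flag, module)], outcomes: {module: True/False}.
    Returns (result, list of modules that were actually called)."""
    required_failed = False
    any_success = False
    called = []
    for flag, module in chain:
        called.append(module)
        if outcomes[module]:
            any_success = True
            # A successful "sufficient" module ends the chain at once,
            # unless an earlier "required" module already failed.
            if flag == "sufficient" and not required_failed:
                return SUCCESS, called
        elif flag == "requisite":
            return AUTH_ERR, called      # failure stops the chain here
        elif flag == "required":
            required_failed = True       # keep going, but deny at the end
        # A failed "sufficient" or "optional" module is ignored.
    # Assumption of this model: deny when nothing succeeded at all.
    granted = any_success and not required_failed
    return (SUCCESS if granted else AUTH_ERR), called

# Stack as described in the post: pam_ssh first, then pam_unix.
STACK = [("sufficient", "pam_ssh"), ("required", "pam_unix")]

def scenarios():
    return {
        "root, no key, good password":
            run_chain(STACK, {"pam_ssh": False, "pam_unix": True}),
        "user, good passphrase":
            run_chain(STACK, {"pam_ssh": True, "pam_unix": False}),
        "root, no key, bad password":
            run_chain(STACK, {"pam_ssh": False, "pam_unix": False}),
        # Contrast: marked requisite, a pam_ssh failure ends the chain.
        "pam_ssh as requisite, no key":
            run_chain([("requisite", "pam_ssh"), ("required", "pam_unix")],
                      {"pam_ssh": False, "pam_unix": True}),
    }

if __name__ == "__main__":
    for name, (result, called) in scenarios().items():
        print(f"{name:32} -> {result:13} called: {', '.join(called)}")
```

The `called` list is the part to compare against a real system: whether pam_unix appears in the authentication log after pam_ssh fails shows whether the chain was walked past the first module.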