Subject: Re: pam_ssh for users w/o private keys
To: Christos Zoulas <firstname.lastname@example.org>
From: Bill Studenmund <email@example.com>
Date: 06/24/2005 07:59:15
Content-Type: text/plain; charset=us-ascii
On Fri, Jun 24, 2005 at 08:46:48AM -0400, Christos Zoulas wrote:
> On Jun 23, 7:40pm, firstname.lastname@example.org (Bill Studenmund) wrote:
> -- Subject: Re: pam_ssh for users w/o private keys
> | > Did you type your password when it asked for the passphrase? Do you
> | > have try first pass set?
> | I had to disable try_first_pass in a lot of lines. Seems our=3D20
> | try_first_pass isn't implemented right, and it acts like use_first_pass=
> | It's supposed to re-ask on failure, but doesn't.
> Yes, I have been wondering what the correct semantics for it should be.
> If you look in the ssh pam module, it checks and retries. The others don'=
I think the others should check and retry. At least that's what I expected=
from the pam_unix man page:
try_first_pass This option is similar to the use_first_pass option,
except that if the previously obtained password fails,
the user is prompted for another password.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)
-----END PGP SIGNATURE-----