Subject: Re: pam_ssh for users w/o private keys
To: Christos Zoulas <>
From: Julio M. Merino Vidal <>
List: current-users
Date: 06/27/2005 11:59:35
On Thu, 2005-06-23 at 01:22 +0300, Christos Zoulas wrote:
> In article <>,
> Julio M. Merino Vidal <> wrote:
> >Hi all,
> >
> >I've enabled pam_ssh in /etc/pam.d/display_manager, so that I can log in
> >from gdm using my key's passphrase (and get an agent started).
> >Everything is fine for my regular user, but it's not for others that
> >don't have a private key in their home directory (i.e., root).
> >
> >I mean, if I try to log  in as root, gdm asks me for the ssh passphrase
> >(something that shouldn't happen, as I see it).  At that point, I hit
> >enter, hoping that it would proceed with the next authentication module,
> >pam_unix, asking me the regular password.  But it does not.  It just
> >reports a login error.
> >
> >AFAICS in the documentation, setting pam_ssh as sufficient (which is the
> >default in the example display_manager file) should cause failures in
> >this module to fallback to other modules in the chain (pam_unix).
> >
> >(I don't think this is a gdm specific bug since the same thing works
> >fine under Linux, using whatever PAM implementation it has.)
> >
> >Am I wrong in my expectations?  Or is there a problem somewhere?
> Did you type your password when it asked for the passphrase? Do you
> have try first pass set?

I tried once, but it was rejected.  However, entering it as a second
attempt works fine.

Can't the login prompt change when using different modules?  I.e., it
makes no sense for it to say 'SSH passphrase' while expecting the user


Julio M. Merino Vidal <>
The NetBSD Project -