Date:      Mon, 7 Jan 2002 00:22:23 +0200
From:      Jeremy Lea <reg@FreeBSD.org>
To:        freebsd-hackers@FreeBSD.org
Subject:   Should pam_ssh and xdm work?
Message-ID:  <20020107002223.A64504@shale.csir.co.za>

Hi,

I'm trying to get pam_ssh and xdm to play together, but having a minor
problem...

First off, environment.  -CURRENT from Saturday (2002/01/05), with
XFree86-4 port.  All ports up to date.

I've uncommented the entries for pam_ssh in /etc/pam.conf, and am trying
to log in via xdm on my local machine.  I can type in my SSH passphrase
into the password box, and it authenticates me, and runs my .xsession. 
So far, no problems.  But it's not setting up the ssh-agent properly. 
Two copies of ssh-agent appear to be run, and the environment variables
"SSH_AUTH_SOCK" and "SSH_AGENT_PID" are not passed.  They are not
available in any xterms, and they do not appear in the environment while
.xsession is being executed.

Combinations of using "sufficient" and "required" for pam_ssh and
pam_unix do not seem to affect things.

I can use pam_ssh, the environment variables are set, and ssh-agent
forwarding works, using a normal textmode console (i.e. with the
'login' block from pam.conf).  I changed the "required" to "sufficient"
for the two pam_ssh lines, so that normal password logins still work. 
Only one ssh-agent process is launched.

Setting the two environment variables manually in an xterm to the
settings for the two ssh-agent processes launched by xdm does not help,
but if they are set to the variables for an ssh-agent launched by a
normal console login then ssh forwarding does work.

Using gdm, I can log in with my SSH passphrase, and the two environment
variables are set, but ssh forwarding does not work.  With gdm three
ssh-agent processes are started - the third by either gdm or the
gnome-session manager.  I suspect the two environment variables are being
set by the third process, which is not run from pam_ssh.

So my question.  Is this supposed to work?  If so, does anyone have the
magic?  I think there are two problems here.  Only one ssh-agent process
should be launched, and its environment variables need to be passed by
xdm to .xsession.

Hope someone can help.
  -Jeremy

-- 
FreeBSD - Because the best things in life are free...
                                           http://www.freebsd.org/
