From: Jeremy Lea
To: freebsd-hackers@FreeBSD.org
Date: Mon, 7 Jan 2002 00:22:23 +0200
Subject: Should pam_ssh and xdm work?
Message-ID: <20020107002223.A64504@shale.csir.co.za>

Hi,

I'm trying to get pam_ssh and xdm to play together, but having a minor problem...

First off, environment. -CURRENT from Saturday (2002/01/05), with XFree86-4 port. All ports up to date.

I've uncommented the entries for pam_ssh in /etc/pam.conf, and am trying to log in via xdm on my local machine. I can type in my SSH passphrase into the password box, and it authenticates me, and runs my .xsession. So far, no problems.

But it's not setting up the ssh-agent properly. Two copies of ssh-agent appear to be run, and the environment variables "SSH_AUTH_SOCK" and "SSH_AGENT_PID" are not passed. They are not available in any xterms, and they do not appear in the environment while .xsession is being executed. Combinations of using "sufficient" and "required" for pam_ssh and pam_unix do not seem to affect things.

I can use pam_ssh, the environment variables are set, and ssh-agent forwarding works, using a normal textmode console (i.e. with the 'login' block from pam.conf). I changed the "required" to "sufficient" for the two pam_ssh lines, so that normal password logins still work. Only one ssh-agent process is launched.

Setting the two environment variables manually in an xterm to the settings for the two ssh-agent processes launched by xdm does not help, but if they are set to the variables for an ssh-agent launched by a normal console login then ssh forwarding does work.

Using gdm, I can log in with my SSH passphrase, and the two environment variables are set, but ssh forwarding does not work. With gdm three ssh-agent processes are started - the third by either gdm or the gnome-session manager. I suspect the two environment variables are being set by the third process, which is not run from pam_ssh.

So my question. Is this supposed to work? If so, does anyone have the magic? I think there are two problems here. Only one ssh-agent process should be launched, and its environment variables need to be passed by xdm to .xsession.

Hope someone can help.

 -Jeremy

--
FreeBSD - Because the best things in life are free...
http://www.freebsd.org/