Date: Mon, 13 Oct 2003 07:56:21 -0700 From: Joe Kelsey <joek@mail.flyingcroc.net> To: stable@freebsd.org, gnome@freebsd.org Subject: Using pam_ssh with gdm Message-ID: <3F8ABD15.2070601@mail.flyingcroc.net>
next in thread | raw e-mail | index | archive | help
I want to use pam_ssh with gdm to "streamline" my login. From reading the pam_ssh man page, it claims that the session module starts ssh-agent and passes any authenticated keys. Keys get authenticated during the "auth" phase. I currently have the following lines in /etc/pam.conf: # GDM (GNOME Display Manager) gdm auth required pam_unix.so gdm auth optional pam_ssh.so debug gdm account required pam_unix.so try_first_pass gdm session required pam_ssh.so debug gdm password required pam_deny.so During login, I get prompted for my ZUNIX password and for my SSH passphrase. I enter both, and the authentication *always* fails on the first try, logging the following to syslog: Oct 13 07:24:30 zircon gdm[186]: Couldn't open session for joek Then, gdm resets and I reenter the password and passphrase. The second time, I get in. Apparantly, now ssh-agent has started, but pam_ssh did not pass along any authentication information, so I have to call ssh-add by hand to actually enter the key information. This means that every time I log in, I have to type my password twice and my passphrase three times. Notice that I set the "debug" flag to pam_ssh. However, I cannot find any trace of debug information in any syslog. I have even turned on /var/log/all.log (*.*) and I still get absolutely no information from pam. What do I need to do to make pam_ssh actually do what the manual page says it does? I want it to set up my keys with the ssh-agent it starts on the first try without this seemingly needless "first try failure". I hope that someone has some information to help me out. Does anyone actually *use* pam_ssh? /Joe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F8ABD15.2070601>