From owner-cvs-all  Mon Mar  6 17:16:46 2000
Delivered-To: cvs-all@freebsd.org
Received: from overcee.netplex.com.au (overcee.netplex.com.au [202.12.86.7])
	by hub.freebsd.org (Postfix) with ESMTP
	id AF81637BD48; Mon,  6 Mar 2000 17:16:37 -0800 (PST)
	(envelope-from peter@netplex.com.au)
Received: from netplex.com.au (localhost [127.0.0.1])
	by overcee.netplex.com.au (Postfix) with ESMTP
	id C845D1CDE; Tue,  7 Mar 2000 09:16:35 +0800 (WST)
	(envelope-from peter@netplex.com.au)
X-Mailer: exmh version 2.1.1 10/15/1999
To: "Andrew J. Korty" <ajk@iu.edu>
Cc: Adrian Pavlykevych <pam@polynet.lviv.ua>,
	cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libpam/modules/pam_ssh Makefile 
In-Reply-To: Message from "Andrew J. Korty" <ajk@iu.edu> 
   of "Mon, 06 Mar 2000 16:05:48 EST." <Pine.BSF.4.21.0003061559050.8137-100000@kobayashi.uits.iupui.edu> 
Date: Tue, 07 Mar 2000 09:16:35 +0800
From: Peter Wemm <peter@netplex.com.au>
Message-Id: <20000307011635.C845D1CDE@overcee.netplex.com.au>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

"Andrew J. Korty" wrote:
> > Make pam_ssh work.  It had an undefined symbol when it was
> > dlopen()ed.  I'm not quite sure about this, I think it should be
> > using -lssh_pic since it's being linked into a .so, but nothing
> > seems to complain ahd it does work.  (well, it works for using
> > the authorized_keys file, but I have not figured out how to get
> > it to start a ssh-agent and cache the key for me)
>   
> Do you have this line in /etc/pam.conf?

No, there were no examples.  The thought never occurred to have a go
at xdm. :-)  I was trying to use 'login'.

> 	xdm session     optional        pam_ssh.so
> 
> Btw, we should really put some example lines in the default pam.conf file
> along the lines of
> 
> 	xdm auth        sufficient      pam_skey.so
> 	xdm auth        requisite       pam_cleartext_pass_ok.so
> 	xdm auth        sufficient      pam_ssh.so      try_first_pass
> 	xdm auth        required        pam_unix.so     try_first_pass
> 	xdm account     required        pam_unix.so
> 	xdm session     optional        pam_ssh.so

Definately, but just checking, are these functional lines? I'd hate to
mess something up.

BTW; what happens if we list pam_ssh.so and it wasn't compiled as the crypto
source isn't present?  Will it skip it or cause failures?

Cheers,
-Peter



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message