From owner-cvs-all  Mon Mar  6 19:11:48 2000
Delivered-To: cvs-all@freebsd.org
Received: from overcee.netplex.com.au (overcee.netplex.com.au [202.12.86.7])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8BB8F37BCF0; Mon,  6 Mar 2000 19:11:43 -0800 (PST)
	(envelope-from peter@netplex.com.au)
Received: from netplex.com.au (localhost [127.0.0.1])
	by overcee.netplex.com.au (Postfix) with ESMTP
	id 39FAD1CDE; Tue,  7 Mar 2000 11:11:41 +0800 (WST)
	(envelope-from peter@netplex.com.au)
X-Mailer: exmh version 2.1.1 10/15/1999
To: "Andrew J. Korty" <ajk@iu.edu>
Cc: Adrian Pavlykevych <pam@polynet.lviv.ua>,
	cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libpam/modules/pam_ssh Makefile 
In-Reply-To: Message from "Andrew J. Korty" <ajk@iu.edu> 
   of "Mon, 06 Mar 2000 21:29:46 EST." <Pine.BSF.4.21.0003062114560.10020-100000@tempest.waterspout.com> 
Date: Tue, 07 Mar 2000 11:11:41 +0800
From: Peter Wemm <peter@netplex.com.au>
Message-Id: <20000307031141.39FAD1CDE@overcee.netplex.com.au>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

"Andrew J. Korty" wrote:
> > "Andrew J. Korty" wrote:
> > > > Make pam_ssh work.  It had an undefined symbol when it was
> > > > dlopen()ed.  I'm not quite sure about this, I think it should be
> > > > using -lssh_pic since it's being linked into a .so, but nothing
> > > > seems to complain ahd it does work.  (well, it works for using
> > > > the authorized_keys file, but I have not figured out how to get
> > > > it to start a ssh-agent and cache the key for me)
> > >   
> > > Do you have this line in /etc/pam.conf?
> > 
> > No, there were no examples.  The thought never occurred to have a go
> > at xdm. :-)  I was trying to use 'login'.
> 
> The login program doesn't use the PAM session layer, probably
> because there is no underlying program running during the session
> as there is with XDM, so there would be no way to close the PAM
> session.

Linux's login program does "hang around" to implement the session stuff.  I'm
not sure of the details.

BTW; I suspect there isn't much to stop us making a liblogin (or move the
login stuff to libutil) and build calls to it directly into telnetd,
rlogind, rshd, getty, sshd, etc.  We could implement persistant supervisors
that way. (getty would have to hang around though instead of exec'ing a
login, but that's no big deal these days considering the majority of
machines that have lots of logins use telnetd/sshd/xwindows instead of
physical ttys)

Cheers,
-Peter



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message