Date: Mon, 19 Sep 2011 14:00:55 -0400 From: Mike Tancsa <mike@sentex.net> To: Corey Smith <corsmith@gmail.com> Cc: freebsd-security@freebsd.org Subject: Re: PAM modules Message-ID: <4E778357.1030206@sentex.net> In-Reply-To: <CAHQQXOObKpCU9syvv0tYfets9%2BsMKjYU0ONeQ23KGkOOnxJOaA@mail.gmail.com> References: <CAHQQXOObKpCU9syvv0tYfets9%2BsMKjYU0ONeQ23KGkOOnxJOaA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9/16/2011 3:10 PM, Corey Smith wrote: > On 09/16/2011 11:05 AM, Dag-Erling Smørgrav wrote: >> My question is: which ones? > > security/pam_ssh_agent_auth > > It is BSD licensed and handy for sudo. Neato, I didnt know of this module for sudo! However, with the default install on AMD64, I am getting coredump. I added # auth auth include system - +auth sufficient /usr/local/lib/pam_ssh_agent_auth.so file=/etc/sudokeys debug # account account include system to /usr/local/etc/pam.d/sudo and added --- sudoers.sample 2011-09-19 13:24:56.000000000 -0400 +++ sudoers 2011-09-19 13:29:17.000000000 -0400 @@ -62,6 +62,10 @@ ## Uncomment to enable special input methods. Care should be taken as ## this may allow users to subvert the command being run via sudo. # Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" + +Defaults env_keep += SSH_AUTH_SOCK + + I must be missing something obvious? ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E778357.1030206>