Package: gksu
Version: 2.0.0-4
PAM can be configured for multiple credential types, not just
passwords. For example, PAM can be configured to log into accounts
using PKI credentials contained on smartcards, either through
pam_pkcs11 or pam_krb5 (when PKINIT is available).
When the credential is not a password, the PAM authentication prompt
conveys to the user information about the credential requested. For
example, when using pam_pkcs11:
[EMAIL PROTECTED]:~$ sudo ls
TEST2.USER PIN:
This informs the user that the smartcard PIN is requested rather than
a password. Incorrectly providing the password when a PIN is request
results in a failed authentication; multiple failed authentications
can disable the card, so this information is important.
Other PAM-reliant applications, such as sudo, xscreensaver, gdm, or
login, present the unmodified PAM credential prompt to the user.
gksu invokes sudo internally with the -p option and a fixed prompt,
which discards the credential context information PAM provides. This
leads to failed authentications and user confusion.
-- Tim
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
