Hi, On Samstag, 20. März 2010, Petter Reinholdtsen wrote: > Should it stay on our radar, or should we drop it from our radar?
... see below :) > > and if it needs configuration anyway. It's only an apt-get call away > > anyway :) > libpam-ssh do not need configuraiton. It simply kick into action for > users with ssh keys present. :) What does it do? From the description I dont get it: Description: enable SSO behavior for ssh and pam This PAM module provides single sign-on behavior for UNIX using SSH. Users are authenticated by decrypting their SSH private keys with the password provided (probably to XDM). In the PAM session phase, an ssh-agent process is started and keys are added. "Users are authenticated by decrypting their SSH private keys with the password provided (probably to XDM)." - what??? I believe the description suffers from buzzword overdose ("single sign on" sounds fancy, but is actually something else/more than this), bad english (I guess it shall read "On authentication, existing ssh private keys are unlocked with the password supplied to login and added to ssh-agent" or such) and in-accurancy ("_probably_ to XDM" - it should list which DMs are supported for real.) (Does my reading of the description sound correct? If so, I will file a bugreport with suggestions for better wordings...) Also I think such a pam module is bad idea as it is a bad idea, to use the login password to protect ssh keys with. IMO we dont loose anything if we drop it from our radar. cheers, Holger
signature.asc
Description: This is a digitally signed message part.