> How is it different from libpam-ssh? libpam-ssh lets you log into a local console (terminal, GDM, etc) with an SSH passphrase that unlocks your local private key. It then starts an SSH agent and adds your key to it.
libpam-ssh-agent allows you to SSH to a machine with agent forwarding, and use the agent to authorise PAM transactions, most notably sudo. The upshot of this is that I can go: machine1:~$ ssh -A machine2 machine2:~$ sudo su - machine2:/ # I am not prompted for a password to sudo, because libpam-ssh-agent authorises me against my forwarded agent. If I do not have agent forwarding, PAM will follow its usual chain of methods for asking for a credential, generally asking for a password: machine1:~$ ssh machine2 machine2:~$ sudo su - Password: > How will it interact with ssh-agent which starts from Xsession.d/? If you start your own SSH agent, and add your private key, a standard configuration would be to use this PAM module to allow you to sudo with your agent (no password), the same way you could then SSH to other servers with your agent (no password). Craig -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktinhkdhjuzgjy3jsjf0ro4tycdeswg-ngu=gd...@mail.gmail.com