On Sun, Jul 05, 2009 at 08:37:24PM +0200, Florian Weimer wrote:
> If libpam-ssh needs /dev/{u,}random for its cryptographic operations,
> it should fail when the required device is not available. I don't
> think continuing with such severe system misconfiguration makes sense.
If configured for authentication, then I certainly agree that libpam-ssh
should "fail secure" by not allowing login. However, if configured
solely to start an ssh agent and feed it any keys unlocked by the user's
password, it seems reasonable to proceed without doing so, to avoid
locking the user out.
- Josh Triplett
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]