2008/12/3 Jens Peter Secher <[EMAIL PROTECTED]>: > Because of the security implications of changing a PAM module, I would > welcome some peer reviewing of the changes I have made. The new package > has been uploaded to experimental, and the NEWS.Debian is as follows. > Also, I would like comments in general about the whether there are > better ways to solve the problems.
As a user, I see a regression: I have @include (pam)-ssh-auth before @include common-auth in my confguration, and I use two different passwords for my local account and my ssh key; this way if I know I'll be networking I take the bother to type the long-and-very-secure password to unlock my key and get acces to the computer, otherwise I just hit enter and I'm asked for the simpler local password (I don't think there's really a point in a strong password if someone has physical access to the computer). This doesn't work anymore out-of-the-box. Of course switching back to the old behaviour is not a big deal, so I'm not complaining, just wondering if this change makes the package better fitted to what the user is expecting from it. Maybe I'm the odd one, I don't know; let me just point that with the new way the unlock of the key is not what grants you the access to the machine (which is what I would think ssh-auth do), IFUC. I also noted is that pam-ssh-auth and pam-ssh-session stayed in /etc/pam.d after the upgrade, I don't know if this is intended. Cheers Luca -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
