On Thu, Oct 27, 2016 at 02:51:02PM +0200, Ludovic Courtès wrote:

> > On its own it does nothing. It makes more sense in context with the other patch I sent.
> > With this option in place, one can extend the unix-pam-service with another pam service
> > (such as krb5-pam), and if the krb5 authentication fails (for example because I am not
> > at work) then the password I gave will be presented to the regular pam_unix login.
> > I won't be prompted for it again.
>
> In that case, instead of hardcoding ‘use_first_pass’ here, would it be possible for the
> pam-krb5 service to extend ‘pam-root-service-type’ with a procedure that automatically
> adds ‘use_first_pass’ where needed?

I will look into it. But almost any other pam module will want to do the same - at least
any other which uses passphrase based authentication. So I thought why put the onus on every
other module to do this?

J'

-- 
Avoid eavesdropping. Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.
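
The stacking behaviour discussed in this message, as an added example that is not part of the original thread and is not Guix or Linux-PAM code: a simplified Python model of an auth stack in which a krb5 module fails and a unix module follows, comparing no option, `try_first_pass` and `use_first_pass`. The names `Conversation`, `run_module`, `authenticate`, `login` and the sample password are constructed for illustration; the option semantics follow the pam_unix documentation.

```python
# Simplified model of a PAM "auth" stack (added example; not Linux-PAM or Guix code).
class Conversation:
    """Stands in for the login prompt and counts how often the user is asked."""
    def __init__(self, typed):
        self.typed, self.prompts = typed, 0

    def ask(self):
        self.prompts += 1
        return self.typed

def run_module(check, args, state, conv):
    """Run one module; state['authtok'] is the password shared along the stack."""
    token = state.get("authtok")
    if "use_first_pass" in args:
        # Never prompt: reuse the earlier module's password, or fail outright.
        return token is not None and check(token)
    if "try_first_pass" in args and token is not None and check(token):
        return True
    state["authtok"] = conv.ask()  # default behaviour: prompt the user
    return check(state["authtok"])

def authenticate(stack, conv):
    """stack: list of (control, check, args); models 'sufficient' and 'required'."""
    state, failed, passed = {}, False, False
    for control, check, args in stack:
        accepted = run_module(check, args, state, conv)
        if control == "sufficient" and accepted and not failed:
            return True  # a sufficient success ends the stack early
        if control == "required":
            failed, passed = failed or not accepted, passed or accepted
    return passed and not failed

def krb5_offline(password):  # constructed: KDC unreachable, so krb5 always fails
    return False

def unix_check(password):  # constructed local account password
    return password == "correct horse"

def login(unix_args, typed="correct horse"):
    """Return (authenticated, number_of_prompts) for krb5 followed by unix."""
    conv = Conversation(typed)
    stack = [("sufficient", krb5_offline, []), ("required", unix_check, unix_args)]
    return authenticate(stack, conv), conv.prompts

if __name__ == "__main__":
    for args in ([], ["try_first_pass"], ["use_first_pass"]):
        print(args, login(args))
```

In this model a module given `use_first_pass` with no earlier password in the stack rejects without prompting, which is the case a blanket setting has to account for.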