Re: For those who care about pam-ssh: RFC

2008-12-21 Thread Jens Peter Secher
2008/12/17 Steve McIntyre : > Luca wrote: >>2008/12/16 Luca Niccoli : >> >>++file_filter(const struct dirent *dir) >>++{ >>++ return (DT_REG == (DT_REG & dir->d_type)) || >>++ (DT_LNK == (DT_LNK & dir->d_type)) ; >>++} >> >>But I use XFS, which seems to have some problems with d_ty

Re: For those who care about pam-ssh: RFC

2008-12-16 Thread Bastien ROUCARIES
On Wed, Dec 17, 2008 at 2:11 AM, Bastien ROUCARIES wrote: > On Wed, Dec 17, 2008 at 12:57 AM, Steve McIntyre wrote: >> Luca wrote: >>>2008/12/16 Luca Niccoli : >>> I can't really see what I'm doing wrong... >>> >>>Maybe I have a clue: >>> >>>++file_filter(const struct dirent *dir) >>>++{ >>>

Re: For those who care about pam-ssh: RFC

2008-12-16 Thread Bastien ROUCARIES
On Wed, Dec 17, 2008 at 12:57 AM, Steve McIntyre wrote: > Luca wrote: >>2008/12/16 Luca Niccoli : >> >>> I can't really see what I'm doing wrong... >> >>Maybe I have a clue: >> >>++file_filter(const struct dirent *dir) >>++{ >>++ return (DT_REG == (DT_REG & dir->d_type)) || >>++ (

Re: For those who care about pam-ssh: RFC

2008-12-16 Thread Steve McIntyre
Luca wrote: >2008/12/16 Luca Niccoli : > >> I can't really see what I'm doing wrong... > >Maybe I have a clue: > >++file_filter(const struct dirent *dir) >++{ >++ return (DT_REG == (DT_REG & dir->d_type)) || >++ (DT_LNK == (DT_LNK & dir->d_type)) ; >++} > >But I use XFS, which seem

Re: For those who care about pam-ssh: RFC

2008-12-16 Thread Luca Niccoli
2008/12/16 Luca Niccoli : > I can't really see what I'm doing wrong... Maybe I have a clue: ++file_filter(const struct dirent *dir) ++{ ++ return (DT_REG == (DT_REG & dir->d_type)) || ++ (DT_LNK == (DT_LNK & dir->d_type)) ; ++} But I use XFS, which seems to have some problems w
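Review bot: file_filter tests d_type as if it were a bit mask, but the DT_* constants are enumeration values, so both comparisons give wrong answers. With glibc's values (DT_REG 8, DT_LNK 10, DT_SOCK 12), DT_REG == (DT_REG & dir->d_type) is also true for symlinks and sockets, and both tests are false for DT_UNKNOWN (0), which is what readdir() reports on a filesystem that does not fill in d_type. Compare with plain equality (dir->d_type == DT_REG || dir->d_type == DT_LNK), and when d_type is DT_UNKNOWN fall back to lstat() on the entry's path so that key files are not silently skipped.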

Re: For those who care about pam-ssh: RFC

2008-12-16 Thread Luca Niccoli
2008/12/17 Luca Niccoli : > But I use XFS, which seems to have some problems with d_type [1] > I'm not really sure this is the source of the problem, but I thought > it was worth giving a try... A second after posting I thought I could try mounting ~/.ssh on tmpfs for a test, and it worked. The p

Re: For those who care about pam-ssh: RFC

2008-12-15 Thread Luca Niccoli
2008/12/16 Jens Peter Secher : > That is intentional to make it harder to tell the difference between > which users exist and which do not. (I know, it was just to point to the fact that pam-ssh is actually running) > Using option 'try_first_pass' does not make any difference when no > previous mo

Re: For those who care about pam-ssh: RFC

2008-12-15 Thread Jens Peter Secher
2008/12/15 Luca Niccoli : > If I type a non-existent user name, I'm asked the SSH password anyway... That is intentional to make it harder to tell the difference between which users exist and which do not. > My /etc/pam.d/gdm > > #%PAM-1.0 > auth requisite pam_nologin.so > authrequ

Re: For those who care about pam-ssh: RFC

2008-12-15 Thread Luca Niccoli
2008/12/13 Jens Peter Secher : > The package version is libpam-ssh_1.92-3 in experimental. I have > tested it extensively, but there is an awful number of ways to use the > module, so I might have missed something. Please help me and give it > some real-life testing. :-) Mmm, I don't know if I'

Re: For those who care about pam-ssh: RFC

2008-12-13 Thread Jens Peter Secher
2008/12/6 Allan Wind : > On 2008-12-03T23:19:52, Jens Peter Secher wrote: >> * No SSH passphrase will be asked if the user has no SSH keys. > > Is the idea to make the module optional if there is no private key? It > would be fine if the module is configured as optional (and perhaps > sufficient

Re: For those who care about pam-ssh: RFC

2008-12-05 Thread Allan Wind
On 2008-12-03T23:19:52, Jens Peter Secher wrote: > * No SSH passphrase will be asked if the user has no SSH keys. Is the idea to make the module optional if there is no private key? It would be fine if the module is configured as optional (and perhaps sufficient?), but if the module is requir

Re: For those who care about pam-ssh: RFC

2008-12-05 Thread Ben Finney
"Jens Peter Secher" <[EMAIL PROTECTED]> writes: > OK, I will use ~/.ssh/login-keys.d, unless there are objections. I think you should consult on ‘pam-list’, the discussion list for PAM, before making that change. https://listman.redhat.com/mailman/listinfo/pam-list -- \ “True gre

Re: For those who care about pam-ssh: RFC

2008-12-05 Thread Jens Peter Secher
2008/12/5 Peter Palfrader <[EMAIL PROTECTED]>: > > It should probably also be called something that describes its purpose > accurately. like login-keys.d or pam-key.d or something like that. > id.d is just too generic. OK, I will use ~/.ssh/login-keys.d, unless there are objections. Cheers, --

Re: For those who care about pam-ssh: RFC

2008-12-05 Thread Peter Palfrader
On Thu, 04 Dec 2008, Jens Peter Secher wrote: > 2008/12/4 Vincent Zweije <[EMAIL PROTECTED]>: > > It probably would be fine if there were a (documented) ~/.ssh/id.d/ > > directory containing keys to be used (and nothing else). > > > > That is a very good idea. But the id.d directory should proba

Re: For those who care about pam-ssh: RFC

2008-12-04 Thread Jens Peter Secher
2008/12/4 Luca Niccoli <[EMAIL PROTECTED]>: > 2008/12/4 Jens Peter Secher <[EMAIL PROTECTED]>: > >> To do that you will need to change /etc/pam.d/ssh-auth to >> >> auth sufficient pam_ssh.so > > I know, that's why I'm not complaining =) > Maybe writing it in the README.Debian could be a good idea. >

Re: For those who care about pam-ssh: RFC

2008-12-04 Thread Luca Niccoli
2008/12/4 Jens Peter Secher <[EMAIL PROTECTED]>: > To do that you will need to change /etc/pam.d/ssh-auth to > > auth sufficient pam_ssh.so I know, that's why I'm not complaining =) Maybe writing it in the README.Debian could be a good idea. > Hmm, if no one else has access to the computer (includ

Re: For those who care about pam-ssh: RFC

2008-12-04 Thread Jens Peter Secher
2008/12/4 Luca Niccoli <[EMAIL PROTECTED]>: > 2008/12/3 Jens Peter Secher <[EMAIL PROTECTED]>: > >> Because of the security implications of changing a PAM module, I would >> welcome some peer reviewing of the changes I have made. The new package >> has been uploaded to experimental, and the NEWS.D

Re: For those who care about pam-ssh: RFC

2008-12-04 Thread Jens Peter Secher
2008/12/4 Vincent Zweije <[EMAIL PROTECTED]>: > On Thu, Dec 04, 2008 at 02:03:52AM -0800, Steve Langasek wrote: > > || On Wed, Dec 03, 2008 at 11:19:52PM +0100, Jens Peter Secher wrote: > || > || > * The 'keyfiles' option is now obsolete. Instead the authentication > || > module will auto

Re: For those who care about pam-ssh: RFC

2008-12-04 Thread Vincent Zweije
On Thu, Dec 04, 2008 at 02:03:52AM -0800, Steve Langasek wrote: || On Wed, Dec 03, 2008 at 11:19:52PM +0100, Jens Peter Secher wrote: || || > * The 'keyfiles' option is now obsolete. Instead the authentication || > module will automatically locate all files matching the pattern 'id_*' ||

Re: For those who care about pam-ssh: RFC

2008-12-04 Thread Steve Langasek
On Wed, Dec 03, 2008 at 11:19:52PM +0100, Jens Peter Secher wrote: > * The 'keyfiles' option is now obsolete. Instead the authentication > module will automatically locate all files matching the pattern 'id_*' > (the idea for this came from a patch from Javier Serrano Polo). That doesn

Re: For those who care about pam-ssh: RFC

2008-12-03 Thread Luca Niccoli
2008/12/3 Jens Peter Secher <[EMAIL PROTECTED]>: > Because of the security implications of changing a PAM module, I would > welcome some peer reviewing of the changes I have made. The new package > has been uploaded to experimental, and the NEWS.Debian is as follows. > Also, I would like comments

For those who care about pam-ssh: RFC

2008-12-03 Thread Jens Peter Secher
I have recently adopted the libpam-ssh package and made a lot of changes in the way the PAM module works. In summary, the module did not work as advertised, so I rewrote parts of it while trying to make as little disruption as possible, but one cannot make an omelet... Because of the security implic