https://bugzilla.novell.com/show_bug.cgi?id=730851
https://bugzilla.novell.com/show_bug.cgi?id=730851#c16
Vitezslav Cizek changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |NEEDINFO
InfoProvider| |kukuk@suse.com
--- Comment #16 from Vitezslav Cizek 2012-08-08 14:35:57 CEST ---
Thorsten,
Current pam-config setup adds pam_ssh.so as optional to auth group.
So it has to be listed above sufficient modules.
The ssh passphrase gets passed to next modules in stack,
however if the passphrase is different from the unix password,
the authentication fails.
(pam_unix2 takes by default the password from a previous module,
as does pam_krb5 in our current setup)
Therefore I would suggest changing optional to sufficient.
If someone wants to enable pam_ssh, he likely wants to use
it directly to authenticate
(despite it probably not being really a authenticaton module as Michael pointed
out)
I'll submit the change if you like it.
Or do you prefer any other solution?
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.