Commit ID r30
|Date:||06-August-2009 at 05:28||Lines Added:||121|
|Repository:||https://pamsshagentauth.svn.sourceforge.net/svnroot/pamsshagentauth/pam_ssh_agent_auth/ /pam_ssh_agent_auth||Lines Removed:||16|
|Commit Comment:||Make the notion of using user-owned authorized keys viable for user-to-user authentication. This involves using PAM_RUSER (or equivilent) for ssh-agent socket validation, while usingPAM_USER for authorized_keys security and sanity checking. It turns out that sudo has a bug wherein PAM_RUSER isn't set until after it calls pam_authenticate, so I added a kludge which will utilize getenv("SUDO_USER") when the
PAM_SERVICE == "sudo" and the PAM_RUSER is NULL; I also
submitted a tiny patch to sudo to fix the problem.
So, since this is truly a kludge, I also added a configure
option to disable it, should you prefer to never trust the environment variable SUDO_USER.
Updated docs to explain the new argument
|File||Language||Code Added||Code Removed||Comments Added||Comment Removed||Blanks Added||Blanks Removed|
Copyright © 2013 Black Duck Software, Inc. and its contributors, Some Rights Reserved. Unless otherwise marked, this work is licensed under a Creative Commons Attribution 3.0 Unported License . Ohloh ® and the Ohloh logo are trademarks of Black Duck Software, Inc. in the United States and/or other jurisdictions. All other trademarks are the property of their respective holders.