On 2008-12-03T23:19:52, Jens Peter Secher wrote: > * No SSH passphrase will be asked if the user has no SSH keys.
Is the idea to make the module optional if there is no private key? It would be fine if the module is configured as optional (and perhaps sufficient?), but if the module is required then it leaks if the key exist and possible if the user exist or not. I authenticate against my private key by having common-auth read: auth required pam_ssh.so keyfiles=id_dsa (i.e. not using pam_unix). This currently leaks if the user is correct or not via different behavior / error message and bad by similar logic. /Allan -- Allan Wind Life Integrity, LLC http://lifeintegrity.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
