Hi Giovanni, On Tue, May 30, 2023 at 9:59 AM Giovanni Biscuolo <[email protected]> wrote: > > AFAIU pam_ssh_agent_auth https://pamsshagentauth.sourceforge.net/ is not > already packaged in Guix, or am I missing something?
I was not able to find it, either. > I'd like to execute sudo without having to set and enter a password [1] > and that PAM module is needed You could also add a line like this to your /etc/sudoers (but I don't recommend it) user_name ALL=(ALL) NOPASSWD:ALL > is someone already using such a configuration in a Guix System? Not quite. I added my public ssh key to root's authorized_keys. It's different from what you are looking for but gives you a root prompt with 'ssh root@localhost`. I did it because it's required for 'guix deploy'. Personally, I have not used the SSH agent, but it's an interesting avenue. I use Kerberos instead, which is probably the gold standard for distributed authentication. You are doing the right thing by thinking about your options. When playing with PAM, please remember that PAM can never elevate privileges of its own process. It is a shared library that runs as part of a privileged executable (often setuid root). PAM decides whether someone hoping to use the executable is authorized to do so. Kind regards Felix
