From: Joe Kelsey
Date: Mon, 13 Oct 2003 09:35:00 -0700
To: Alexander Leidinger
cc: freebsd-gnome@freebsd.org
Subject: Re: Using pam_ssh with gdm

Alexander Leidinger wrote:
> On Mon, 13 Oct 2003 07:56:21 -0700
> Joe Kelsey wrote:
>
>>I want to use pam_ssh with gdm to "streamline" my login. From reading
>>the pam_ssh man page, it claims that the session module starts ssh-agent
>>and passes any authenticated keys. Keys get authenticated during the
>>"auth" phase.
>>
>>I currently have the following lines in /etc/pam.conf:
>
> I use it with xdm (on -current), try this instead:
> ---snip---
> gdm auth sufficient pam_ssh.so no_warn try_first_pass
> gdm auth required pam_unix.so no_warn try_first_pass
>
> gdm account required pam_unix.so
>
> gdm session optional pam_ssh.so
> gdm session required pam_permit.so
> ---snip---
>
> Use your ssh password to login.

Thanks. That seems to solve the problem of the first attempt always
failing, but it still does not solve the problem of passing my authorized
keys to ssh-agent. The ssh-agent still has no identities loaded and I
still have to run ssh-add separately in order to get the identities in.

I don't know if I really like the idea of using just my ssh pass phrase
and eliminating my UNIX password, but I guess I can recover from 25
years of typing my UNIX password(s) eventually...

/Joe
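
Added example, not part of the original message or of pam_ssh itself: a small pam.conf parser that reports, for the gdm stack quoted above, which auth modules can log a user in by themselves and whether pam_ssh appears in both the auth and session chains. The function names and the embedded sample are assumptions made for illustration.

```python
# Constructed sample: the gdm stack quoted in the message above (pam.conf
# format: service  facility  control  module  [arguments]).
SAMPLE_PAM_CONF = """\
gdm auth sufficient pam_ssh.so no_warn try_first_pass
gdm auth required pam_unix.so no_warn try_first_pass
gdm account required pam_unix.so
gdm session optional pam_ssh.so
gdm session required pam_permit.so
"""


def parse_pam_conf(text):
    """Return {service: {facility: [(control, module, args), ...]}} in file order."""
    stacks = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank, comment-only or malformed line
        service, facility, control, module, *args = fields
        stacks.setdefault(service, {}).setdefault(facility, []).append(
            (control, module, args))
    return stacks


def audit_service(stacks, service):
    """Summarise how pam_ssh is wired into one service (hypothetical helper)."""
    chains = stacks.get(service, {})
    standalone = []
    # A succeeding 'sufficient' module ends the auth chain at once, so any
    # 'sufficient' entry listed before the first required/requisite entry
    # is enough to log in by itself.
    for control, module, _args in chains.get("auth", []):
        if control in ("required", "requisite"):
            break
        if control == "sufficient":
            standalone.append(module)

    def uses_pam_ssh(facility):
        return any(module.rsplit("/", 1)[-1] == "pam_ssh.so"
                   for _control, module, _args in chains.get(facility, []))

    return {
        "standalone_auth": standalone,
        # Per the man page as quoted above, keys are authenticated in "auth"
        # and passed to ssh-agent in "session", so both entries are needed.
        "ssh_auth": uses_pam_ssh("auth"),
        "ssh_session": uses_pam_ssh("session"),
    }


if __name__ == "__main__":
    print(audit_service(parse_pam_conf(SAMPLE_PAM_CONF), "gdm"))
```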