Re: [PATCH 2/3] gnu: pam_unix.so Add use_first_pass option.
From: John Darrington
Subject: Re: [PATCH 2/3] gnu: pam_unix.so Add use_first_pass option.
Date: Mon, 24 Oct 2016 06:56:28 +0200
User-agent: Mutt/1.5.23 (2014-03-12)

On Sun, Oct 23, 2016 at 05:45:50PM -0400, Leo Famulari wrote:
> diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm
> index 4546c1a..0278db6 100644
> --- a/gnu/system/pam.scm
> +++ b/gnu/system/pam.scm
> @@ -217,7 +217,7 @@ should be a file-like object used as the
message-of-the-day."
> (pam-entry
> (control "required")
> (module "pam_unix.so")
> - (arguments '("nullok")))
> + (arguments '("nullok" "use_first_pass")))
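
Review bot: "use_first_pass" is appended to the pam_unix.so arguments unconditionally, so this entry stops prompting even when no other module is stacked in front of it; going by the pam_unix(8) wording, a stack in which pam_unix.so is the first module to need a password would then deny the login instead of asking. Consider adding the argument only when the service is extended with a preceding module, or using "try_first_pass", which reuses an earlier password but still falls back to prompting. A comment beside `(arguments ...)` naming the stacked module expected to supply the password would also help.
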
> pam_unix(8) says:
>
> use_first_pass
>     The argument use_first_pass forces the module to use a previous stacked modules password and will never prompt the user - if no password is available or the password is not appropriate, the user will be denied access.
>
> I don't understand exactly what this means for GuixSD. Can you explain it to us? :)

On its own it does nothing. It makes more sense in context with the other patch I sent.

With this option in place, one can extend the unix-pam-service with another pam service (such as krb5-pam), and if the krb5 authentication fails (for example because I am not at work) then the password I gave will be presented to the regular pam_unix login. I won't be prompted for it again.

J'

--
Avoid eavesdropping. Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.
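
A configuration check that follows from the pam_unix(8) text and the stacking described in this message, added here as an example (it is not code from the thread or from Guix): it parses pam.d-style rules and flags an auth rule carrying use_first_pass when no earlier auth module could have collected a password. The module name pam_krb5.so, the control flags, the NON_PROMPTING list and both sample stacks are assumptions constructed for illustration.

```python
# Modules that never ask for a password, so they cannot feed use_first_pass.
# Short illustrative list (an assumption of this example), not exhaustive.
NON_PROMPTING = {"pam_env.so", "pam_nologin.so", "pam_securetty.so"}

# Constructed sample: a Kerberos module stacked in front of pam_unix.
STACKED = """\
auth     sufficient  pam_krb5.so
auth     required    pam_unix.so nullok use_first_pass
account  required    pam_unix.so
"""

# Constructed sample: nothing in front of pam_unix can collect a password.
ALONE = """\
auth     required    pam_env.so
auth     required    pam_unix.so nullok use_first_pass
"""


def parse_pam(text):
    """Yield (lineno, type, control, module, args) for each pam.d rule."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) < 3 or tokens[0] == "@include":
            continue
        kind = tokens.pop(0).lstrip("-")   # "-auth": tolerate a missing module
        control = tokens.pop(0)
        # Bracketed controls such as [success=1 default=ignore] contain spaces.
        while control.startswith("[") and not control.endswith("]") and tokens:
            control += " " + tokens.pop(0)
        if not tokens:
            continue
        yield lineno, kind, control, tokens[0].rsplit("/", 1)[-1], tokens[1:]


def find_unfed_first_pass(text):
    """Return (lineno, module) for auth rules whose use_first_pass has no
    earlier auth module that could have prompted for the password."""
    findings, collectors = [], 0
    for lineno, kind, _control, module, args in parse_pam(text):
        if kind != "auth":
            continue
        if "use_first_pass" in args:
            if collectors == 0:
                findings.append((lineno, module))
        elif module not in NON_PROMPTING:
            collectors += 1                # this module may prompt and store it
    return findings
```

The check is a heuristic: it only knows that some earlier auth module exists, not whether that module actually stores the password it collected.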