[Bug 2408] Expose authentication information to PAM

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Apr 14 21:36:24 AEST 2016


Jakub Jelen <jjelen at redhat.com> changed:

           What    |Removed                     |Added
                 CC|                            |jjelen at redhat.com

--- Comment #5 from Jakub Jelen <jjelen at redhat.com> ---
This seems to be a reasonable way to communicate authentication details
with PAM and missing piece in the troublesome two factor authentication
in SSH. I didn't find any problem with this patch.

The only thought coming to my mind is possible disclosure of user data
to running application(s). I would also consider adding some knob to
turn this export off (ExportUserauthEnvironment ?) and turn it off by
default. Still, using 2FA is not too common in SSH deployment.

You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list