[Bug 2408] Expose authentication information to PAM

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Apr 14 21:36:24 AEST 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2408

Jakub Jelen <jjelen at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jjelen at redhat.com

--- Comment #5 from Jakub Jelen <jjelen at redhat.com> ---
This seems to be a reasonable way to communicate authentication details
with PAM and missing piece in the troublesome two factor authentication
in SSH. I didn't find any problem with this patch.

The only thought coming to my mind is possible disclosure of user data
to running application(s). I would also consider adding some knob to
turn this export off (ExportUserauthEnvironment ?) and turn it off by
default. Still, using 2FA is not too common in SSH deployment.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list