[Bug 2408] Expose authentication information to PAM

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Wed Feb 24 21:50:51 AEDT 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2408

Vincent Brillault <git at lerya.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2791|0                           |1
        is obsolete|                            |

--- Comment #4 from Vincent Brillault <git at lerya.net> ---
Created attachment 2792
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2792&action=edit
Expose successful auth methods via environments (pam and shell)

Dear all,

Sorry for the spamming, but I just realized that it is possible to
expose the 'displayname" of gssapi authentication without a big
modification. This new patch now exposes it but unfortunately I was
only able to test a port of this patch on Centos sources and not this
one directly as the only kerberos-enabled system I have is a Centos
system.

This patch is now feature-complete with the feature I was thinking
about, but if you see an authentication method that I missed and could
also expose relevant information, please tell me.

In the end this patch creates two new functions, both returning  a
char* which needs to be freed:
- ssh_gssapi_get_displayname to get the displayname from a gssapi
session
- sshkey_format_oneline to format a ssh key as it was formated in
pubkey_auth_info
I'm not really good at naming and if anyone has better names for these
function, your advice would be appreciated.

Thanks in advance,
Vincent Brillault

PS: individual patches can be found on github:
https://github.com/openssh/openssh-portable/compare/master...CERN-CERT:master

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list