[Bug 2408] Expose authentication information to PAM

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue May 3 00:14:53 AEST 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2408

--- Comment #6 from Vincent Brillault <git at lerya.net> ---
Created attachment 2812
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2812&action=edit
Also add a configuration option to control the exposure

Sorry for the delay. Adding an option to control the exposure of the
authentication methods (and its details) to both PAM and the final
shell session is a very good idea.

I've attached a new patch which should add that option, but I didn't
have time to test it yet. I will port it to our centos-based release
and test it.

This patch introduce a new option, ExposeAuthenticationMethods which
has 3 valid values:
- never: never expose the successful authentication methods
- pam-only: expose them (in details) to pam only, remove them from the
final environment (DEFAULT)
- pam-and-env: in addition to pam, expose them in the final session

Feel free to propose a better name or better values, they currently
sound awful (esp. "pam-and-env")

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list