sbalneavEvening all02:44
stgraberevening sbalneav03:08
sbalneavstgraber: Got a minute? I'd like an opinion.04:53
stgrabersbalneav: sure05:14
stgrabersbalneav: sorry for the delay, was writting a blog post for the bug day05:15
sbalneavNP, so I've been hacking around tonight with pam-sshauth.05:23
sbalneavI think I've settled on what I want to do, but I just want an opinion as to if this seems sane or not.05:24
sbalneavSo, we use libssh for authentication, and handling the password change.05:24
sbalneavbut once we've done the auth, rather than duplicate a bunch of code, seems to me the best thing to do would be to spawn off just an ssh, using the password we've just gotten.05:25
sbalneavseeing as how it's a pam module, we shouldn't need to worry about the ssh's password expiring, since if it DID expire, we would have just handled that.05:26
sbalneavso theoretically, by the time we drop to handling the session part, we can just do the ssh hostname, an pass the password we've gotten.05:26
sbalneavand the spawned ssh will handle the x11 and command socket stuff.05:27
stgraberhmm, wouldn't that block PAM in some way ?05:32
stgraberit'd perfectly be fine to have a module option to keep the SSH in the background and have a master socket created05:33
stgraberso we can then use that to do whatever we want and that will still act just like a regular PAM module05:33
stgraberso if someone uses that module for authentication on his laptop against one of his company's ssh server, he'll still get a local console and not a remote one and if wanted he'd also get access to a SSH control socket so he doesn't need to authenticate again for that SSH server.05:34
=== alkisg1 is now known as alkisg
nixternalKDE-Edu team is having an irc meeting at 20:00 UTC on January 14th in #kde-edu here on Freenode for those that might be interested21:10
=== Vantrax is now known as cabaret
=== cabaret is now known as Vantrax

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!