Using pam_ssh with gdm

Joe Kelsey joek at mail.flyingcroc.net
Mon Oct 13 07:56:22 PDT 2003


I want to use pam_ssh with gdm to "streamline" my login.  From reading 
the pam_ssh man page, it claims that the session module starts ssh-agent 
and passes any authenticated keys.  Keys get authenticated during the 
"auth" phase.

I currently have the following lines in /etc/pam.conf:

# GDM (GNOME Display Manager)
gdm     auth    required        pam_unix.so
gdm     auth    optional        pam_ssh.so                debug
gdm     account required        pam_unix.so               try_first_pass
gdm     session required        pam_ssh.so                debug
gdm     password required       pam_deny.so

During login, I get prompted for my UNIX password and for my SSH 
passphrase.  I enter both, and the authentication *always* fails on the 
first try, logging the following to syslog:

Oct 13 07:24:30 zircon gdm[186]: Couldn't open session for joek

Then, gdm resets and I reenter the password and passphrase.  The second 
time, I get in.  Apparently, now ssh-agent has started, but pam_ssh did 
not pass along any authentication information, so I have to call ssh-add 
by hand to actually enter the key information.  This means that every 
time I log in, I have to type my password twice and my passphrase three 
times.

Notice that I set the "debug" flag to pam_ssh.  However, I cannot find 
any trace of debug information in any syslog.  I have even turned on 
/var/log/all.log (*.*) and I still get absolutely no information from pam.

What do I need to do to make pam_ssh actually do what the manual page 
says it does?  I want it to set up my keys with the ssh-agent it starts 
on the first try without this seemingly needless "first try failure".

I hope that someone has some information to help me out.  Does anyone 
actually *use* pam_ssh?

/Joe



More information about the freebsd-gnome mailing list