PAM modules
Mike Tancsa
mike at sentex.net
Mon Sep 19 18:01:03 UTC 2011
On 9/16/2011 3:10 PM, Corey Smith wrote:
> On 09/16/2011 11:05 AM, Dag-Erling Smørgrav wrote:
>> My question is: which ones?
>
> security/pam_ssh_agent_auth
>
> It is BSD licensed and handy for sudo.
Neato, I didnt know of this module for sudo! However, with the default
install on AMD64, I am getting coredump.
I added
# auth
auth include system
-
+auth sufficient /usr/local/lib/pam_ssh_agent_auth.so
file=/etc/sudokeys debug
# account
account include system
to /usr/local/etc/pam.d/sudo
and added
--- sudoers.sample 2011-09-19 13:24:56.000000000 -0400
+++ sudoers 2011-09-19 13:29:17.000000000 -0400
@@ -62,6 +62,10 @@
## Uncomment to enable special input methods. Care should be taken as
## this may allow users to subvert the command being run via sudo.
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE
QT_IM_SWITCHER"
+
+Defaults env_keep += SSH_AUTH_SOCK
+
+
I must be missing something obvious?
---Mike
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
More information about the freebsd-security
mailing list