[ltp] thinkfinger pam module doesn't allow ssh login
Florian Reitmeir
linux-thinkpad@linux-thinkpad.org
Wed, 7 Nov 2007 12:49:25 +0100
On Wed, 07 Nov 2007, Micha Feigin wrote:
> After some headaches I just discovered that enabling fingerprint logins using
> the thinkfinger pam module doesn't allow users with a fingerprint to login
> using ssh. The ssh connection just closes on attempted authentications with no
> entry in /var/log/auth.log. Users with no fingerprint can login fine (dirty
> workaround). Any ideas if I'm doing something wrong or if this is a bug with
> the thinkfinger pam module?
>
> The settings in /etc/pam.d/common-auth
>
> auth sufficient pam_thinkfinger.so
> auth required pam_unix.so try_first_pass nullok_secure
i think, using /etc/pam.d/common-auth is the wrong place.. it enables
thinkfinger for _all_ daemons which want pam, even imap-daemons, ...
why not enable the module for gdm/kdm? in debian there should a file per
daemon like:
/etc/pam.d/gdm
or
/etc/pam.d/kdm
--
Florian Reitmeir