From mboxrd@z Thu Jan  1 00:00:00 1970
From: John Darrington <john@darrington.wattle.id.au>
Subject: Re: [PATCH 2/3] gnu: pam_unix.so Add use_first_pass option.
Date: Mon, 24 Oct 2016 06:56:28 +0200
Message-ID: <20161024045627.GA12193@jocasta.intra>
References: <1477150080-17187-1-git-send-email-jmd@gnu.org>
	<1477150080-17187-2-git-send-email-jmd@gnu.org>
	<20161023214550.GD6318@jasmine>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="ZPt4rx8FFjLCG7dd"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:42659)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <john@darrington.wattle.id.au>) id 1byXJZ-0001er-2S
	for guix-devel@gnu.org; Mon, 24 Oct 2016 00:56:49 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <john@darrington.wattle.id.au>) id 1byXJY-000811-97
	for guix-devel@gnu.org; Mon, 24 Oct 2016 00:56:49 -0400
Content-Disposition: inline
In-Reply-To: <20161023214550.GD6318@jasmine>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Leo Famulari <leo@famulari.name>
Cc: guix-devel@gnu.org, John Darrington <jmd@gnu.org>


--ZPt4rx8FFjLCG7dd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Oct 23, 2016 at 05:45:50PM -0400, Leo Famulari wrote:

     > diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm
     > index 4546c1a..0278db6 100644
     > --- a/gnu/system/pam.scm
     > +++ b/gnu/system/pam.scm
     > @@ -217,7 +217,7 @@ should be a file-like object used as the message=
-of-the-day."
     >                           (pam-entry
     >                            (control "required")
     >                            (module "pam_unix.so")
     > -                          (arguments '("nullok")))
     > +                          (arguments '("nullok" "use_first_pass")))
    =20
     pam_unix(8) says:
    =20
     use_first_pass
         The argument use_first_pass forces the module to use a previous st=
acked modules
         password and will never prompt the user - if no password is availa=
ble or the
         password is not appropriate, the user will be denied access.
    =20
     I don't understand exactly what this means for GuixSD. Can you explain
     it to us? :)

On its own it does nothing.  It makes more sense in context with the other =
patch I sent.
With this option in place, one can extend the unix-pam-service with another=
 pam service
(such as krb5-pam), and if the krb5 authentication fails (for example becau=
se I am not
at work) then the password I gave will be presented to the regular pam_unix=
 login.=20
I won't be prompted for it again.

J'

--=20
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3=20
fingerprint =3D 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


--ZPt4rx8FFjLCG7dd
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEUEARECAAYFAlgNlHsACgkQimdxnC3oJ7OmUgCVFOql0muGNAluAPxo/PrSdFF8
IwCdFgGJ5+X9aCqFc5zZfzY0vpN2nyA=
=ZCt3
-----END PGP SIGNATURE-----

--ZPt4rx8FFjLCG7dd--