From mboxrd@z Thu Jan  1 00:00:00 1970
From: John Darrington <john@darrington.wattle.id.au>
Subject: Re: [PATCH 2/3] gnu: pam_unix.so Add use_first_pass option.
Date: Fri, 28 Oct 2016 07:22:32 +0200
Message-ID: <20161028052231.GA9866@jocasta.intra>
References: <1477150080-17187-1-git-send-email-jmd@gnu.org>
	<1477150080-17187-2-git-send-email-jmd@gnu.org>
	<20161023214550.GD6318@jasmine>
	<20161024045627.GA12193@jocasta.intra> <87k2cuklah.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="pWyiEgJYm5f9v55/"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:47351)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <john@darrington.wattle.id.au>) id 1bzzd0-0006id-QP
	for guix-devel@gnu.org; Fri, 28 Oct 2016 01:22:55 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <john@darrington.wattle.id.au>) id 1bzzcz-0001sl-Rr
	for guix-devel@gnu.org; Fri, 28 Oct 2016 01:22:54 -0400
Content-Disposition: inline
In-Reply-To: <87k2cuklah.fsf@gnu.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Ludovic Court??s <ludo@gnu.org>
Cc: guix-devel@gnu.org, John Darrington <jmd@gnu.org>


--pWyiEgJYm5f9v55/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Oct 27, 2016 at 02:51:02PM +0200, Ludovic Court??s wrote:
     >
     > On its own it does nothing.  It makes more sense in context with the=
 other patch I sent.
     > With this option in place, one can extend the unix-pam-service with =
another pam service
     > (such as krb5-pam), and if the krb5 authentication fails (for exampl=
e because I am not
     > at work) then the password I gave will be presented to the regular p=
am_unix login.=20
     > I won't be prompted for it again.
    =20
     In that case, instead of hardcoding ???use_first_pass??? here, would i=
t be
     possible for the pam-krb5 service to extend ???pam-root-service-type??=
? with
     a procedure that automatically adds ???use_first_pass??? where needed?
    =20

I will look into it.  But almost any other pam module will want to do the s=
ame - at least
any other which uses passphrase based authentication.  So I thought why put=
 the onus on=20
every other module to do this?


J'

--=20
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3=20
fingerprint =3D 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


--pWyiEgJYm5f9v55/
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlgS4JcACgkQimdxnC3oJ7NNEgCeJQNOWrJwZblmOudzS8ZmVH3Q
bqkAn2fzfabb2eYphfIrAK4igxiQ/93d
=RANH
-----END PGP SIGNATURE-----

--pWyiEgJYm5f9v55/--