From: John Darrington
Subject: Re: [PATCH 2/3] gnu: pam_unix.so Add use_first_pass option.
Date: Mon, 24 Oct 2016 06:56:28 +0200
Message-ID: <20161024045627.GA12193@jocasta.intra>
In-Reply-To: <20161023214550.GD6318@jasmine>
To: Leo Famulari
Cc: guix-devel@gnu.org, John Darrington

On Sun, Oct 23, 2016 at 05:45:50PM -0400, Leo Famulari wrote:

> diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm > index 4546c1a..0278db6 100644 > --- a/gnu/system/pam.scm > +++ b/gnu/system/pam.scm 
> @@ -217,7 +217,7 @@ should be a file-like object used as the message= -of-the-day." > (pam-entry > (control "required") > (module "pam_unix.so") > - (arguments '("nullok"))) > + (arguments '("nullok" "use_first_pass")))

     pam_unix(8) says:

       use_first_pass
         The argument use_first_pass forces the module to use a previous stacked
         modules password and will never prompt the user - if no password is
         available or the password is not appropriate, the user will be denied
         access.

     I don't understand exactly what this means for GuixSD. Can you explain
     it to us? :)

On its own it does nothing. It makes more sense in context with the other patch
I sent.

With this option in place, one can extend the unix-pam-service with another pam
service (such as krb5-pam), and if the krb5 authentication fails (for example
because I am not at work) then the password I gave will be presented to the
regular pam_unix login. I won't be prompted for it again.

J'

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.
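
Review bot: the added `(arguments '("nullok" "use_first_pass"))` line sets use_first_pass on the pam_unix.so entry unconditionally, and per the pam_unix(8) text quoted in this thread the module then never prompts and denies access when no earlier stacked module has supplied a password. Consider adding the argument only when another service is stacked in front of pam_unix.so, or using try_first_pass, which falls back to prompting, and note the dependency on the companion patch in a comment next to the entry.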
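
The stacking behaviour discussed in this message, as an added example (not part of the original message or of Guix): a small Python lint that flags an auth rule carrying use_first_pass when no earlier rule in the same stack could have collected a password. The PROMPTING module set, the two sample files and the "sufficient" control on pam_krb5.so are assumptions.

```python
# Added example: lint a PAM service file for use_first_pass without a password source.
# Assumption: these modules can prompt for a password and store it for later modules.
PROMPTING = {"pam_unix.so", "pam_krb5.so", "pam_ldap.so", "pam_sss.so"}

def parse_pam(text):
    """Yield (lineno, type, control, module, args) for each rule line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) > 1 and fields[1].startswith("["):
            # Bracketed control, e.g. [success=1 default=ignore]: rejoin it.
            end = next((i for i, f in enumerate(fields) if f.endswith("]")), 1)
            fields[1:end + 1] = [" ".join(fields[1:end + 1])]
        if len(fields) < 3:
            continue  # blank line, comment, or "@include file"
        mtype, control, module, *args = fields
        yield lineno, mtype.lstrip("-"), control, module.rsplit("/", 1)[-1], args

def find_lockouts(text, stack="auth"):
    """Return line numbers where use_first_pass has no earlier password source."""
    findings, have_password = [], False
    for lineno, mtype, control, module, args in parse_pam(text):
        if mtype != stack:
            continue
        if control in ("include", "substack"):
            have_password = True  # not followed here; assume it may prompt
        elif "use_first_pass" in args:
            if not have_password:
                findings.append(lineno)
        elif module in PROMPTING:
            have_password = True
    return findings

# Constructed sample: pam_unix is the only auth module in the stack.
ALONE = """\
auth     required   pam_unix.so nullok use_first_pass
account  required   pam_unix.so
"""
# Constructed sample: a Kerberos module stacked first ("sufficient" is assumed).
STACKED = """\
auth     sufficient pam_krb5.so
auth     required   pam_unix.so nullok use_first_pass
"""

if __name__ == "__main__":
    for name, text in (("ALONE", ALONE), ("STACKED", STACKED)):
        print(name, "use_first_pass with no password source on lines:", find_lockouts(text))
```

Included stacks are not followed, so a rule after an `include` or `substack` line is never flagged.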