bugzilla-daemon at bugzilla.mindrot.org
2017-May-06 22:39 UTC
[Bug 2712] New: Add fingerprint of key used for public key authentication to PAM handle
https://bugzilla.mindrot.org/show_bug.cgi?id=2712
Bug ID: 2712
Summary: Add fingerprint of key used for public key
authentication to PAM handle
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: PAM support
Assignee: unassigned-bugs at mindrot.org
Reporter: seroland86 at gmail.com
I have developed a PAM module that creates the authorized_keys file
from X.509 certificates obtained from LDAP. If specified there are
cases where public keys from user a,b,...,n are synced into the
authorized_keys file of user x. Right now I don't have any possibility
to figure out which actual user has now logged in on behalf of user x.
A solution to this problem is that OpenSSH makes the fingerprint of the
key that has been (succesfully) used during public key authentication
available within the PAM space (pam_set_data() / pam_putenv()).
In this case one could hook in another PAM module e.g. for session
management that obtains the fingerprint and work with it (e.g. mapping
to user and making it available in user environment).
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-May-09 06:46 UTC
[Bug 2712] Add fingerprint of key used for public key authentication to PAM handle
https://bugzilla.mindrot.org/show_bug.cgi?id=2712
Jakub Jelen <jjelen at redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jjelen at redhat.com
--- Comment #1 from Jakub Jelen <jjelen at redhat.com> ---
This is basically a subset of what is already implemented in the bug
#2408 [1].
I would rather focus on merging one of the implementation than creating
three different. It is the third time I hear about similar requests so
I believe it would be a good thing to settle on some solution upstream.
[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2408
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Apr-06 04:09 UTC
[Bug 2712] Add fingerprint of key used for public key authentication to PAM handle
https://bugzilla.mindrot.org/show_bug.cgi?id=2712
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |DUPLICATE
CC| |djm at mindrot.org
Status|NEW |RESOLVED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Configuration
*** This bug has been marked as a duplicate of bug 2408 ***
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-23 04:57 UTC
[Bug 2712] Add fingerprint of key used for public key authentication to PAM handle
https://bugzilla.mindrot.org/show_bug.cgi?id=2712
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
Maybe Matching Threads
- [Bug 3190] New: Inconsistent handling of private keys without accompanying public keys
- [Bug 3147] New: Confusing error message when the public key is missing.
- [Bug 2493] New: Accept host key fingerprint as the same as 'yes'
- [Bug 2408] New: Expose authentication information to PAM
- [Bug 2430] New: ssh-keygen should allow to login before reading public key from smart card