Ford Prefect
2002-Nov-13 22:12 UTC
askpass replacement which uses pam module to get password?
greetings all, i'm not a member of this list, but i'm wondering if anyone has ever tried this before. i'm deploying some linux clients which authenticate against a yp server. at login time, if the user has never logged into the machine before, a script automatically creates their home directory. next, a pam module named pam_authtoken opens a unix socket which makes the plaintext password available to a script which then runs rsync -e ssh to sync their new home directory with the one on the server. at logout time, the process is reversed. the end result is intended to be similar to the "roaming profiles" system of a certain other operating system. unfortunately, i can't find a way to pipe the password into ssh that doesn't expose it one way or another. has anyone done any work on a way to get ssh (not sshd) to get it's password from a pam module (or heck, even from an environment variable)? i saw the work done on the fd patch and i guess that's a possibility, but i was hoping for something cleaner. like i said, i'm not subscribed to this list, so please cc me on any responses. thanks for your time, chris
Possibly Parallel Threads
- [David Huggins-Daines <dhd@plcom.on.ca>] Bug#52414: ssh-add uses ssh-askpass, but ssh doesn't
- [Bug 1393] New: patch modifies gnome-ssh-askpass to optionally use one-time password
- RFE: ssh-askpass program configurable
- ANNOUNCE: x11-ssh-askpass v1.0.1
- ssh-askpass keyboard grab problems