An interesting use of agent forwarding, combined with a hardware-based SSH key (eg. Yubikey) that I discovered recently is to have sudo on a remote machine depend on a signature provided by the installed SSH agent. This would be a great use case for guardian agent IMO. I'm guessing it would require writing a separate PAM module, since guardian agent doesn't provide SSH_AUTH_SOCK for the existing PAM module to query.
An interesting use of agent forwarding, combined with a hardware-based SSH key (eg. Yubikey) that I discovered recently is to have
sudoon a remote machine depend on a signature provided by the installed SSH agent. This would be a great use case for guardian agent IMO. I'm guessing it would require writing a separate PAM module, since guardian agent doesn't provide SSH_AUTH_SOCK for the existing PAM module to query.