Closed lizthegrey closed 5 years ago
Thanks to @elly for her comments on this and help debugging. C is hard.
Honeycomb.io has deployed these changes in production and has confirmed they work.
Ping - any luck looking at this @jbeverly?
Hoping to get to it this weekend after badmath day.
Excellent, thanks!
My weekend went sideways. Hopefully this week or weekend. Sorry!
No worries, volunteer time is always a scarce thing to find :)
First off, sorry for taking so long to get this reviewed. The good news is, it looks pretty good overall.
As with all spare time projects, it takes multiple weeks between passes on either of our parts ;) sorry for the delay here in turn!
I do have some requested changes, nothing too major. One semi-paranoid ask, and then some less paranoid, more practical suggestions.
Addressed.
However, those aside the biggest thing I'd like added is updates to the docs explaining the new capability, how to use it, and with the extra check for being in an sshd service, how to configure it.
Adding. Will re-request review from you when done.
Also, feel free to add yourself to the `CONTRIBUTORS` file if you wish.
Done.
Gentle ping :)
:tada:
If `SSH_AUTH_INFO_0` is present in the PAM environment (which openssh-7.6 and newer will do for `session` and `account`, and patched openssh will also do for `auth`), then check the already-validated public key(s) from the `publickey` method against our list of keys authorized for this PAM module.

Addresses #14.
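
The check described in the pull request text, sketched as an added example that is not the project's code. It assumes `SSH_AUTH_INFO_0` holds one `<method> <details>` line per completed method and that the allowlist is already normalized to `<key-type> <base64>`; the function names and sample keys are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not project code. Assumed format: one "<method> <details>\n"
 * line per completed method; publickey lines carry "<key-type> <base64>". */
#define PK_PREFIX "publickey "

/* Constructed sample values (not real keys). */
static const char *const SAMPLE_ALLOWED[] = {
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYONE",
};
static const char SAMPLE_AUTH_INFO[] =
    "publickey ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYONE\n"
    "password\n";
static const char SAMPLE_OTHER_KEY[] =
    "publickey ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYONEX\n";

/* 1 if key text [key, key+len) exactly equals an allowlist entry. */
static int key_is_authorized(const char *key, size_t len,
                             const char *const *allowed, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strlen(allowed[i]) == len && memcmp(allowed[i], key, len) == 0)
            return 1;
    return 0;
}

/* Count publickey lines whose key is allowlisted. Other methods are
 * ignored; NULL or empty input yields 0 so the caller fails closed. */
int count_authorized_pubkeys(const char *auth_info,
                             const char *const *allowed, size_t n)
{
    const size_t plen = strlen(PK_PREFIX);
    int matches = 0;
    for (const char *line = auth_info; line != NULL && *line != '\0'; ) {
        size_t len = strcspn(line, "\n");
        if (len > plen && strncmp(line, PK_PREFIX, plen) == 0 &&
            key_is_authorized(line + plen, len - plen, allowed, n))
            matches++;
        line += len + (line[len] == '\n');  /* step past the newline */
    }
    return matches;
}

int main(void)
{
    printf("%d %d\n", count_authorized_pubkeys(SAMPLE_AUTH_INFO, SAMPLE_ALLOWED, 1),
           count_authorized_pubkeys(SAMPLE_OTHER_KEY, SAMPLE_ALLOWED, 1));
}
```

The comparison is exact-length on purpose, so a key that merely shares a prefix with an authorized key does not match.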