paralin
commented
4 years ago This might be acceptable (with a flag to enable pam in the skiff-core.yaml):
ssh host
Password: [password]
Last login: Tue Sep 22 17:29:09 PDT 2020 on pts/7
reenter password for pam_mount: [password]Awkward but works and seems to be the native behavior anyway.
The session is not started using PAM currently, instead using "docker exec." Using PAM will correctly mount any libpam_mount volumes on connect, for example.
The problem is that this will require SSH forwarding the raw password through to the session libpam. Probably, something will need to hook libpam in skiff root, and forward the data to the container libpam if it exists. (Non-trivial).