search

switchkiller / pam-face-authentication

Automatically exported from code.google.com/p/pam-face-authentication
0 stars 0 forks source link

[suggestion] disable when using ssh #45

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. ssh remotely into computer
2. attempt to run a command as root
3. tries to verify face, which it obviously can't do

I don't even know if PFA can tell if it is a remote connection or not, but it 
is just annoying to have to wait for the verification to fail before it allows 
me to enter a password.

Original issue reported on code.google.com by ColeWasH...@gmail.com on 13 Aug 2010 at 8:46

GoogleCodeExporter commented 9 years ago 
Well, PFA itself can't tell whether the session is local or remote because it's 
just a module, representing a second login habit.

This detection would be up to the PAM config files (configured seperately).
Nevertheless, I have no clue what change would be needed to accomplish this...

Original comment by feichtne...@gmail.com on 13 Aug 2010 at 10:03

GoogleCodeExporter commented 9 years ago 
 PAM_RHOST contains the host name of the machine that requests the authentication. Checking if RHOST matches with username of the local comp, I think will work. We will try it out and hopefuly include it in the next release (0.4)

Thanks!

Original comment by rohan.a...@gmail.com on 13 Aug 2010 at 11:20

GoogleCodeExporter commented 9 years ago 
Ok, I added a quick check for remote connections to the SVN.
Allowed values for PAM_RHOST are (null) and "localhost", otherwise the plugin 
quits and switches to the next given auth form.

So, if you want to try it out, please just take the SVN version or await a soon 
release of 0.4 ;)

Original comment by feichtne...@gmail.com on 19 Aug 2010 at 5:04