On Tuesday, December 3, 2019 1:18:57 AM MST Lennart Poettering wrote:
> systemd-homed integrates with sshd's AuthorizedKeysCommand and
> supplies any SSH keys associated with the user account directly to SSH
> without anyone needing access to ~/.ssh/. i.e. integration with SSH is
> actually already in place.

Excellent, that's what I mentioned in the other subthread. Does this use sssd's existing AuthorizedKeysCommand, or would it interfere with it?

> The problem is that sshd's PAM implementation doesn't allow PAM
> modules to ask questions in login sessions which are authenticated via
> authorized_keys instead of PAM. Because if we could ask questions
> then, we could simply ask the user for the passphrase to derive the
> LUKS key from if we need. That would mean that if you SSH login if you
> already are logged in locally, then logins would be instant, but if
> you SSH login otherwise then you'd get a prompt for the pw first.

Is the key's passphrase always going to be based on the user's password with systemd-homed? Is there a mechanism to use a separate password?

--
John M. Harris, Jr.
Splentity