> >That's a nice thing about pam_yubico with real Yubikeys: > >they can be validated against the Yubico cloud API, > >without any local secrets. > > Just to make sure I understand you correctly - a cloud > service determines whether some access to your server > is to be granted? A cloud service *authenticates* the user. It's the job of *other* PAM modules and configuration to decide what to *authorize* this authenticated identity for, including login.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
