[Fingerforce-devel] [Thinkfinger-devel] ThinkFinger, Quo Vadis?
Timo Hoenig
thoenig at suse.de
Thu Nov 15 14:29:52 UTC 2007
Hi Luca!
On Thu, 2007-11-15 at 14:12 +0100, Luca Capello wrote:
> nice to see you back on this project :-)
Well, nice to see your constant fidelity in the project :)
> Cc:ing the FingerForce-devel mailing list because this post is
> interesting for Debian as well.
I guess it's a good choice to keep the cross postings up until we have
figured out how to proceed properly. That will ensure we'll make the
fingerprint experience on Linux a success.
> FWIW, I use ThinkFinger since the beginning and the latest version with
> Christian's and ssh patches is working fine on X60 with Debian sid.
Can you elaborate a little on "working fine". Are you saying that
everything (login, displaymanager, screensaver, authentication helpers
[ such as gksudo, kdesu ]) are working fine?
> FYI, the Debian Popularity Contest Statistics reports about 80
> installation of the ThinkFinger packages I maintain [1] and since their
> inclusion in Debian I haven't received any unknown bug.
Great!
> While I announced to upload ThinkFinger into unstable (and then testing,
> so the next Debian release) [2][3], I haven't prepared it yet because of
> the ssh issue Stephen reported on Ubuntu [4]. Have you planned to
> include a fix also for this remaining issue?
Thanks for reminding me.
I've committed the following.
Index: pam/pam_thinkfinger.c
===================================================================
--- pam/pam_thinkfinger.c (revision 116)
+++ pam/pam_thinkfinger.c (working copy)
@@ -238,6 +238,7 @@
{
int ret;
int retval = PAM_AUTH_ERR;
+ const char *rhost = NULL;
pam_thinkfinger_s pam_thinkfinger;
struct termios term_attr;
libthinkfinger_init_status init_status;
@@ -252,6 +253,12 @@
if (pam_thinkfinger.isatty == 1)
tcgetattr (STDIN_FILENO, &term_attr);
+ pam_get_item (pamh, PAM_RHOST, (const void **)( const void*) &rhost);
+ if (rhost != NULL && strlen (rhost) > 0) {
+ pam_thinkfinger_log (&pam_thinkfinger, LOG_ERR, "Error: Remote login from host \"%s\" detected.", rhost);
+ goto out;
+ }
+
if ((retval = pam_get_user(pamh, &pam_thinkfinger.user, NULL)) != PAM_SUCCESS)
goto out;
if (pam_thinkfinger_user_sanity_check (&pam_thinkfinger) || pam_thinkfinger_user_bir_check (&pam_thinkfinger) < 0) {
Thanks,
Timo
More information about the Fingerforce-devel
mailing list