[CentOS] a-gnome-oyences

Fri Mar 29 19:16:26 UTC 2013
m.roth at 5-cent.us <m.roth at 5-cent.us>

Gordon Messmer wrote:
> On 03/29/2013 08:19 AM, m.roth at 5-cent.us wrote:
>>
>> Well, no. If you look at the stock /etc/X11/xinit/xinitrc-common. at the
>> bottom of the file, that's where it sets this stuff. As I said, we
>> *have* to use the compiled from more recent versions of ssh, because the
>> current stock version doesn't support US gov't PIV cards for
authentication.
>>  And doing this, I only get one agent, and it gets killed automagically
when
>> I log out, as expected.
>
> I understand that.  I'm just trying to point out that if you set the
> SSH_AGENT variable, it should be much less complex than it sounds in
> your description.  ssh-agent runs the shell as a child, and exits when
> the session does.  There's no "killing" involved.
<snip>
I've finally got it working. First, I create that file
/etc/X11/xinit/Xclients.d/Xclients.gnome-session.sh, whose contents are
#!/bin/sh
exec -l $SHELL -c "$SSH_AGENT gnome-session"

Now, I do *not* have a clue of the impact of not letting
gnome-keyring-agent run. If someone here does, feel free to discuss it,
and let me know if I *can* just chmod -x.

Anyway, my hack which works neatly is to create a three line shell script
that goes into the users .<shellrc> file, whose contents are:
#!/bin/sh
export SSH_AGENT_PID=`ps -fu $USER | awk '($0 ~
/\/usr\/bin\/piv-ssh-agent/) { print $2;}'`
export SSH_AUTH_SOCKET=`awk '($0 ~ /\/tmp\/ssh-/ ) { print $NF;}'
/proc/$SSH_AGENT_PID/net/unix `

It's a hack, but a clean hack, and I'm not wasting more hours, and my user
is up and running.

       mark