From 3a38c5a856073672228b8033599e96fe749cb116 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 5 Nov 2005 16:28:35 +1100 Subject: [PATCH] - (dtucker) [README.platform] Add PAM section. --- ChangeLog | 3 ++- README.platform | 12 +++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 46b40f197..1da05ea8a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -102,6 +102,7 @@ [bufaux.c] Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT cs.stanford.edu; ok dtucker@ + - (dtucker) [README.platform] Add PAM section. 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3235,4 +3236,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3952 2005/11/05 05:04:36 djm Exp $ +$Id: ChangeLog,v 1.3953 2005/11/05 05:28:35 dtucker Exp $ diff --git a/README.platform b/README.platform index af551de48..4c18a3278 100644 --- a/README.platform +++ b/README.platform @@ -45,4 +45,14 @@ number is already in use on your system, you may change it at build time by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding. -$Id: README.platform,v 1.5 2005/02/20 10:01:49 dtucker Exp $ +Platforms using PAM +------------------- +As of OpenSSH 4.3p1, sshd will no longer check /etc/nologin itself when +PAM is enabled. To maintain existing behaviour, pam_nologin should be +added to sshd's session stack which will prevent users from starting shell +sessions. Alternatively, pam_nologin can be added to either the auth or +account stacks which will prevent authentication entirely, but will still +return the output from pam_nologin to the client. + + +$Id: README.platform,v 1.6 2005/11/05 05:28:35 dtucker Exp $