- (djm) Explain consequences of UsePAM=yes a little better in sshd_config;

ok dtucker@

ChangeLog

@@ -1,3 +1,7 @@
+20040523
+ - (djm) Explain consequences of UsePAM=yes a little better in sshd_config;
+   ok dtucker@
+
 20040513
  - (dtucker) [configure.ac] Bug #867: Additional tests for res_query in
    libresolv, fixes problems detecting it on some platforms
@@ -1118,4 +1122,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3355 2004/05/13 10:24:10 dtucker Exp $
+$Id: ChangeLog,v 1.3356 2004/05/23 01:47:58 djm Exp $

sshd_config

@@ -67,9 +67,14 @@
 #GSSAPIAuthentication no
 #GSSAPICleanupCredentials yes
 
-# Set this to 'yes' to enable PAM authentication (via challenge-response)
-# and session processing. Depending on your PAM configuration, this may
-# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords'
+# Set this to 'yes' to enable PAM authentication, account processing, 
+# and session processing. If this is enabled, PAM authentication will 
+# be allowed through the ChallengeResponseAuthentication mechanism. 
+# Depending on your PAM configuration, this may bypass the setting of 
+# PasswordAuthentication, PermitEmptyPasswords, and 
+# "PermitRootLogin without-password". If you just want the PAM account and 
+# session checks to run without PAM authentication, then enable this but set 
+# ChallengeResponseAuthentication=no
 #UsePAM no
 
 #AllowTcpForwarding yes