RepoMirrors
/
openssh
mirror of git://anongit.mindrot.org/openssh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current 

reality.  Pointed out by tryponraj at gmail.com.
This commit is contained in:
Darren Tucker 2006-02-23 21:35:30 +11:00
parent 94413cf32b
commit a4904f7bf1
3 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,3 +1,7 @@
2006023
- (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current
reality. Pointed out by tryponraj at gmail.com.
2006022
- (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only
compile in compat code if required.
@ -3877,4 +3881,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.4133 2006/02/22 11:24:47 dtucker Exp $
$Id: ChangeLog,v 1.4134 2006/02/23 10:35:30 dtucker Exp $

13
sshd_config
View File

@ -71,12 +71,13 @@
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
#AllowTcpForwarding yes

5
sshd_config.5
View File

@ -677,7 +677,10 @@ If set to
.Dq yes
this will enable PAM authentication using
.Cm ChallengeResponseAuthentication
and PAM account and session module processing for all authentication types.
and
.Cm PasswordAuthentication
in addition to PAM account and session module processing for all
authentication types.
.Pp
Because PAM challenge-response authentication usually serves an equivalent
role to password authentication, you should disable either