diff options
author | Darren Tucker <dtucker@zip.com.au> | 2006-02-23 21:35:30 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2006-02-23 21:35:30 +1100 |
commit | a4904f7bf19fb091b9fcf8059dedd5c5198fc039 (patch) | |
tree | 384681017d1879a14619dabf375b265bf6084f7c | |
parent | 94413cf32ba932537ef215b07eb1833e297fcae5 (diff) |
- (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current
reality. Pointed out by tryponraj at gmail.com.
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | sshd_config | 13 | ||||
-rw-r--r-- | sshd_config.5 | 5 |
3 files changed, 16 insertions, 8 deletions
@@ -1,3 +1,7 @@ | |||
1 | 2006023 | ||
2 | - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current | ||
3 | reality. Pointed out by tryponraj at gmail.com. | ||
4 | |||
1 | 2006022 | 5 | 2006022 |
2 | - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only | 6 | - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only |
3 | compile in compat code if required. | 7 | compile in compat code if required. |
@@ -3877,4 +3881,4 @@ | |||
3877 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 3881 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
3878 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 3882 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
3879 | 3883 | ||
3880 | $Id: ChangeLog,v 1.4133 2006/02/22 11:24:47 dtucker Exp $ | 3884 | $Id: ChangeLog,v 1.4134 2006/02/23 10:35:30 dtucker Exp $ |
diff --git a/sshd_config b/sshd_config index 4957dd1a6..57f9a17bb 100644 --- a/sshd_config +++ b/sshd_config | |||
@@ -71,12 +71,13 @@ | |||
71 | 71 | ||
72 | # Set this to 'yes' to enable PAM authentication, account processing, | 72 | # Set this to 'yes' to enable PAM authentication, account processing, |
73 | # and session processing. If this is enabled, PAM authentication will | 73 | # and session processing. If this is enabled, PAM authentication will |
74 | # be allowed through the ChallengeResponseAuthentication mechanism. | 74 | # be allowed through the ChallengeResponseAuthentication and |
75 | # Depending on your PAM configuration, this may bypass the setting of | 75 | # PasswordAuthentication. Depending on your PAM configuration, |
76 | # PasswordAuthentication, PermitEmptyPasswords, and | 76 | # PAM authentication via ChallengeResponseAuthentication may bypass |
77 | # "PermitRootLogin without-password". If you just want the PAM account and | 77 | # the setting of "PermitRootLogin without-password". |
78 | # session checks to run without PAM authentication, then enable this but set | 78 | # If you just want the PAM account and session checks to run without |
79 | # ChallengeResponseAuthentication=no | 79 | # PAM authentication, then enable this but set PasswordAuthentication |
80 | # and ChallengeResponseAuthentication to 'no'. | ||
80 | #UsePAM no | 81 | #UsePAM no |
81 | 82 | ||
82 | #AllowTcpForwarding yes | 83 | #AllowTcpForwarding yes |
diff --git a/sshd_config.5 b/sshd_config.5 index 71a293ffb..6e2de10d7 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -677,7 +677,10 @@ If set to | |||
677 | .Dq yes | 677 | .Dq yes |
678 | this will enable PAM authentication using | 678 | this will enable PAM authentication using |
679 | .Cm ChallengeResponseAuthentication | 679 | .Cm ChallengeResponseAuthentication |
680 | and PAM account and session module processing for all authentication types. | 680 | and |
681 | .Cm PasswordAuthentication | ||
682 | in addition to PAM account and session module processing for all | ||
683 | authentication types. | ||
681 | .Pp | 684 | .Pp |
682 | Because PAM challenge-response authentication usually serves an equivalent | 685 | Because PAM challenge-response authentication usually serves an equivalent |
683 | role to password authentication, you should disable either | 686 | role to password authentication, you should disable either |