diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2006-02-23 21:35:30 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2006-02-23 21:35:30 +1100 |
| commit | a4904f7bf19fb091b9fcf8059dedd5c5198fc039 (patch) | |
| tree | 384681017d1879a14619dabf375b265bf6084f7c | |
| parent | 94413cf32ba932537ef215b07eb1833e297fcae5 (diff) | |
- (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current
reality. Pointed out by tryponraj at gmail.com.
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | sshd_config | 13 | ||||
| -rw-r--r-- | sshd_config.5 | 5 |
3 files changed, 16 insertions, 8 deletions
| @@ -1,3 +1,7 @@ | |||
| 1 | 2006023 | ||
| 2 | - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current | ||
| 3 | reality. Pointed out by tryponraj at gmail.com. | ||
| 4 | |||
| 1 | 2006022 | 5 | 2006022 |
| 2 | - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only | 6 | - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only |
| 3 | compile in compat code if required. | 7 | compile in compat code if required. |
| @@ -3877,4 +3881,4 @@ | |||
| 3877 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 3881 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
| 3878 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 3882 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
| 3879 | 3883 | ||
| 3880 | $Id: ChangeLog,v 1.4133 2006/02/22 11:24:47 dtucker Exp $ | 3884 | $Id: ChangeLog,v 1.4134 2006/02/23 10:35:30 dtucker Exp $ |
diff --git a/sshd_config b/sshd_config index 4957dd1a6..57f9a17bb 100644 --- a/sshd_config +++ b/sshd_config | |||
| @@ -71,12 +71,13 @@ | |||
| 71 | 71 | ||
| 72 | # Set this to 'yes' to enable PAM authentication, account processing, | 72 | # Set this to 'yes' to enable PAM authentication, account processing, |
| 73 | # and session processing. If this is enabled, PAM authentication will | 73 | # and session processing. If this is enabled, PAM authentication will |
| 74 | # be allowed through the ChallengeResponseAuthentication mechanism. | 74 | # be allowed through the ChallengeResponseAuthentication and |
| 75 | # Depending on your PAM configuration, this may bypass the setting of | 75 | # PasswordAuthentication. Depending on your PAM configuration, |
| 76 | # PasswordAuthentication, PermitEmptyPasswords, and | 76 | # PAM authentication via ChallengeResponseAuthentication may bypass |
| 77 | # "PermitRootLogin without-password". If you just want the PAM account and | 77 | # the setting of "PermitRootLogin without-password". |
| 78 | # session checks to run without PAM authentication, then enable this but set | 78 | # If you just want the PAM account and session checks to run without |
| 79 | # ChallengeResponseAuthentication=no | 79 | # PAM authentication, then enable this but set PasswordAuthentication |
| 80 | # and ChallengeResponseAuthentication to 'no'. | ||
| 80 | #UsePAM no | 81 | #UsePAM no |
| 81 | 82 | ||
| 82 | #AllowTcpForwarding yes | 83 | #AllowTcpForwarding yes |
diff --git a/sshd_config.5 b/sshd_config.5 index 71a293ffb..6e2de10d7 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -677,7 +677,10 @@ If set to | |||
| 677 | .Dq yes | 677 | .Dq yes |
| 678 | this will enable PAM authentication using | 678 | this will enable PAM authentication using |
| 679 | .Cm ChallengeResponseAuthentication | 679 | .Cm ChallengeResponseAuthentication |
| 680 | and PAM account and session module processing for all authentication types. | 680 | and |
| 681 | .Cm PasswordAuthentication | ||
| 682 | in addition to PAM account and session module processing for all | ||
| 683 | authentication types. | ||
| 681 | .Pp | 684 | .Pp |
| 682 | Because PAM challenge-response authentication usually serves an equivalent | 685 | Because PAM challenge-response authentication usually serves an equivalent |
| 683 | role to password authentication, you should disable either | 686 | role to password authentication, you should disable either |