diff options
| author | Colin Watson <cjwatson@debian.org> | 2004-03-05 16:37:25 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2004-03-05 16:37:25 +0000 |
| commit | 3b68bdbc5f38de96fa27fcca31b62caa487ed31f (patch) | |
| tree | ec46f46a505b58ea207bf5d3855722bbf6fd8d18 /debian | |
| parent | 9414b9d65cdc953c2436ba0a607b149e4b4cde1a (diff) | |
Remove README.Debian warnings about privsep not working properly with PAM.
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/README.Debian | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/debian/README.Debian b/debian/README.Debian index bb1f7cf48..cb1444a47 100644 --- a/debian/README.Debian +++ b/debian/README.Debian | |||
| @@ -33,15 +33,11 @@ Privilege Separation | |||
| 33 | 33 | ||
| 34 | As of 3.3, openssh has employed privilege separation to reduce the | 34 | As of 3.3, openssh has employed privilege separation to reduce the |
| 35 | quantity of code that runs as root, thereby reducing the impact of | 35 | quantity of code that runs as root, thereby reducing the impact of |
| 36 | some security holes in sshd. | 36 | some security holes in sshd. This now also works properly with PAM. |
| 37 | 37 | ||
| 38 | Unfortunately, privilege separation interacts badly with PAM. Any PAM | 38 | Privilege separation is turned on by default, so, if you decide you |
| 39 | session modules that need to run as root (pam_mkhomedir, for example) | ||
| 40 | will fail, and PAM keyboard-interactive authentication won't work. | ||
| 41 | |||
| 42 | Privilege separation is turned on by default, so if you decide you | ||
| 43 | want it turned off, you need to add "UsePrivilegeSeparation no" to | 39 | want it turned off, you need to add "UsePrivilegeSeparation no" to |
| 44 | /etc/ssh/sshd_config | 40 | /etc/ssh/sshd_config. |
| 45 | 41 | ||
| 46 | PermitRootLogin set to yes | 42 | PermitRootLogin set to yes |
| 47 | -------------------------- | 43 | -------------------------- |