2 files changed, 9 insertions, 5 deletions

diff --git a/ChangeLog b/ChangeLog
index e4927d46f..aa6a1c8b0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -49,6 +49,8 @@
      [session.c]
      limit # of env vars to 1000; ok deraadt/djm
  - (djm) Require krb5 devel for RPM build w/ KrbV 
+ - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai 
+   <nalin@redhat.com>
 
 20020625
  - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
@@ -1148,4 +1150,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2294 2002/06/26 09:42:52 djm Exp $
+$Id: ChangeLog,v 1.2295 2002/06/26 13:05:16 djm Exp $
diff --git a/sshd_config.5 b/sshd_config.5
index 3e198dfa3..aa7b7c7d4 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -305,10 +305,6 @@ To disable keepalives, the value should be set to
 .It Cm KerberosAuthentication
 Specifies whether Kerberos authentication is allowed.
 This can be in the form of a Kerberos ticket, or if
-.It Cm PAMAuthenticationViaKbdInt
-Specifies whether PAM challenge response authentication is allowed. This
-allows the use of most PAM challenge response authentication modules, but
-it will allow password authentication regardless of whether
 .Cm PasswordAuthentication
 is yes, the password provided by the user will be validated through
 the Kerberos KDC.
@@ -425,6 +421,12 @@ The probability increases linearly and all connection attempts
 are refused if the number of unauthenticated connections reaches
 .Dq full
 (60).
+.It Cm PAMAuthenticationViaKbdInt
+Specifies whether PAM challenge response authentication is allowed. This
+allows the use of most PAM challenge response authentication modules, but
+it will allow password authentication regardless of whether
+.Cm PasswordAuthentication
+is enabled.
 .It Cm PasswordAuthentication
 Specifies whether password authentication is allowed.
 The default is