From 4e448a31ae12e6f84caa7cdfc8b4c23db92459db Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Wed, 14 May 2003 15:11:48 +1000
Subject:  - (djm) Add new UsePAM configuration directive to allow runtime
 control    over usage of PAM. This allows non-root use of sshd when built
 with    --with-pam

---
 sshd_config.5 | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

(limited to 'sshd_config.5')

diff --git a/sshd_config.5 b/sshd_config.5
index 31ef3996d..1278cb61f 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -422,12 +422,15 @@ The probability increases linearly and all connection attempts
 are refused if the number of unauthenticated connections reaches
 .Dq full
 (60).
-.It Cm PAMAuthenticationViaKbdInt
-Specifies whether PAM challenge response authentication is allowed. This
-allows the use of most PAM challenge response authentication modules, but
-it will allow password authentication regardless of whether
-.Cm PasswordAuthentication
-is enabled.
+
+.It Cm UsePAM
+Enables PAM authentication (via challenge-response) and session set up. 
+If you enable this, you should probably disable 
+.Cm PasswordAuthentication .
+If you enable 
+.CM UsePAM
+then you will not be able to run sshd as a non-root user.
+
 .It Cm PasswordAuthentication
 Specifies whether password authentication is allowed.
 The default is
-- 
cgit v1.2.3