From 701d0514ee3ffc5e8fde36bb0559709490407053 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sun, 23 May 2004 11:47:58 +1000
Subject:  - (djm) Explain consequences of UsePAM=yes a little better in
 sshd_config;    ok dtucker@

---
 sshd_config | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'sshd_config')

diff --git a/sshd_config b/sshd_config
index b45c8c561..2b8d9f695 100644
--- a/sshd_config
+++ b/sshd_config
@@ -67,9 +67,14 @@
 #GSSAPIAuthentication no
 #GSSAPICleanupCredentials yes
 
-# Set this to 'yes' to enable PAM authentication (via challenge-response)
-# and session processing. Depending on your PAM configuration, this may
-# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords'
+# Set this to 'yes' to enable PAM authentication, account processing, 
+# and session processing. If this is enabled, PAM authentication will 
+# be allowed through the ChallengeResponseAuthentication mechanism. 
+# Depending on your PAM configuration, this may bypass the setting of 
+# PasswordAuthentication, PermitEmptyPasswords, and 
+# "PermitRootLogin without-password". If you just want the PAM account and 
+# session checks to run without PAM authentication, then enable this but set 
+# ChallengeResponseAuthentication=no
 #UsePAM no
 
 #AllowTcpForwarding yes
-- 
cgit v1.2.3