- (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current
reality. Pointed out by tryponraj at gmail.com.
This commit is contained in:
parent
94413cf32b
commit
a4904f7bf1
|
@ -1,3 +1,7 @@
|
|||
2006023
|
||||
- (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current
|
||||
reality. Pointed out by tryponraj at gmail.com.
|
||||
|
||||
2006022
|
||||
- (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only
|
||||
compile in compat code if required.
|
||||
|
@ -3877,4 +3881,4 @@
|
|||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.4133 2006/02/22 11:24:47 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.4134 2006/02/23 10:35:30 dtucker Exp $
|
||||
|
|
13
sshd_config
13
sshd_config
|
@ -71,12 +71,13 @@
|
|||
|
||||
# Set this to 'yes' to enable PAM authentication, account processing,
|
||||
# and session processing. If this is enabled, PAM authentication will
|
||||
# be allowed through the ChallengeResponseAuthentication mechanism.
|
||||
# Depending on your PAM configuration, this may bypass the setting of
|
||||
# PasswordAuthentication, PermitEmptyPasswords, and
|
||||
# "PermitRootLogin without-password". If you just want the PAM account and
|
||||
# session checks to run without PAM authentication, then enable this but set
|
||||
# ChallengeResponseAuthentication=no
|
||||
# be allowed through the ChallengeResponseAuthentication and
|
||||
# PasswordAuthentication. Depending on your PAM configuration,
|
||||
# PAM authentication via ChallengeResponseAuthentication may bypass
|
||||
# the setting of "PermitRootLogin without-password".
|
||||
# If you just want the PAM account and session checks to run without
|
||||
# PAM authentication, then enable this but set PasswordAuthentication
|
||||
# and ChallengeResponseAuthentication to 'no'.
|
||||
#UsePAM no
|
||||
|
||||
#AllowTcpForwarding yes
|
||||
|
|
|
@ -677,7 +677,10 @@ If set to
|
|||
.Dq yes
|
||||
this will enable PAM authentication using
|
||||
.Cm ChallengeResponseAuthentication
|
||||
and PAM account and session module processing for all authentication types.
|
||||
and
|
||||
.Cm PasswordAuthentication
|
||||
in addition to PAM account and session module processing for all
|
||||
authentication types.
|
||||
.Pp
|
||||
Because PAM challenge-response authentication usually serves an equivalent
|
||||
role to password authentication, you should disable either
|
||||
|
|
Loading…
Reference in New Issue