tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current 

reality.  Pointed out by tryponraj at gmail.com.
This commit is contained in:
Darren Tucker 2006-02-23 21:35:30 +11:00
parent 94413cf32b
commit a4904f7bf1
3 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,3 +1,7 @@
2006023
- (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current
reality. Pointed out by tryponraj at gmail.com.
2006022 2006022
- (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only
compile in compat code if required. compile in compat code if required.
@ -3877,4 +3881,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.4133 2006/02/22 11:24:47 dtucker Exp $ $Id: ChangeLog,v 1.4134 2006/02/23 10:35:30 dtucker Exp $

13
sshd_config
View File

@ -71,12 +71,13 @@
# Set this to 'yes' to enable PAM authentication, account processing, # Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will # and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism. # be allowed through the ChallengeResponseAuthentication and
# Depending on your PAM configuration, this may bypass the setting of # PasswordAuthentication. Depending on your PAM configuration,
# PasswordAuthentication, PermitEmptyPasswords, and # PAM authentication via ChallengeResponseAuthentication may bypass
# "PermitRootLogin without-password". If you just want the PAM account and # the setting of "PermitRootLogin without-password".
# session checks to run without PAM authentication, then enable this but set # If you just want the PAM account and session checks to run without
# ChallengeResponseAuthentication=no # PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no #UsePAM no
#AllowTcpForwarding yes #AllowTcpForwarding yes

5
sshd_config.5
View File

@ -677,7 +677,10 @@ If set to
.Dq yes .Dq yes
this will enable PAM authentication using this will enable PAM authentication using
.Cm ChallengeResponseAuthentication .Cm ChallengeResponseAuthentication
and PAM account and session module processing for all authentication types. and
.Cm PasswordAuthentication
in addition to PAM account and session module processing for all
authentication types.
.Pp .Pp
Because PAM challenge-response authentication usually serves an equivalent Because PAM challenge-response authentication usually serves an equivalent
role to password authentication, you should disable either role to password authentication, you should disable either