sshd UsePAM, PR bin/32313

To: netbsd-users%netbsd.org@localhost, tech-security%netbsd.org@localhost
Subject: sshd UsePAM, PR bin/32313
From: Taylor R Campbell <campbell%mumble.net@localhost>
Date: Sat, 21 Nov 2009 21:21:25 -0500

Last summer, I brought up on netbsd-users the topic of PR bin/32313,
which is that setting `PasswordAuthentication no' in sshd_config does
not actually disable password authentication, because NetBSD's default
sshd_config also includes the undocumented `UsePAM yes'.  This means
that system administrators may believe they have disabled password
authentication by following what the documentation indicates, without
having disabled it at all.

I suggested that NetBSD's default sshd_config omit `UsePAM yes'.  This
is a one-character change to the file (a comment character).  All of
the replies -- well, all two of them -- supported this change, but
nothing happened.  Could someone either object or make the change?

Follow-Ups:
- Re: sshd UsePAM, PR bin/32313
  - From: elric
- Re: sshd UsePAM, PR bin/32313
  - From: Michael van Elst

Prev by Date: Re: how do you measure speed?
Next by Date: Re: how do you measure speed?
Previous by Thread: how do you measure speed?
Next by Thread: Re: sshd UsePAM, PR bin/32313
Indexes:

Home | Main Index | Thread Index | Old Index