tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

sshd UsePAM, PR bin/32313

Last summer, I brought up on netbsd-users the topic of PR bin/32313,
which is that setting `PasswordAuthentication no' in sshd_config does
not actually disable password authentication, because NetBSD's default
sshd_config also includes the undocumented `UsePAM yes'.  This means
that system administrators may believe they have disabled password
authentication by following what the documentation indicates, without
having disabled it at all.

I suggested that NetBSD's default sshd_config omit `UsePAM yes'.  This
is a one-character change to the file (a comment character).  All of
the replies -- well, all two of them -- supported this change, but
nothing happened.  Could someone either object or make the change?

Home | Main Index | Thread Index | Old Index