[src/trunk]: src/etc/pam.d Disable pam_ssh by default, and refer people to pa...

[thorpej <thorpej%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/339e0b1ce2b2
branches:  trunk
changeset: 574407:339e0b1ce2b2
user:      thorpej <thorpej%NetBSD.org@localhost>
date:      Sun Feb 27 21:35:59 2005 +0000

description:
Disable pam_ssh by default, and refer people to pam_ssh(8) for information
on its security risks.

diffstat:

 etc/pam.d/display_manager |  8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diffs (27 lines):

diff -r 33fd2ea52db3 -r 339e0b1ce2b2 etc/pam.d/display_manager
--- a/etc/pam.d/display_manager Sun Feb 27 21:33:02 2005 +0000
+++ b/etc/pam.d/display_manager Sun Feb 27 21:35:59 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: display_manager,v 1.1 2005/02/27 03:40:14 thorpej Exp $
+# $NetBSD: display_manager,v 1.2 2005/02/27 21:35:59 thorpej Exp $
 #
 # PAM configuration for the display manager services.  Specific display
 # manager service configurations can include this one.
@@ -7,7 +7,8 @@
 # auth
 auth           required        pam_nologin.so          no_warn
 auth           sufficient      pam_krb5.so             no_warn try_first_pass
-auth           sufficient      pam_ssh.so              no_warn try_first_pass
+# pam_ssh has potential security risks.  See pam_ssh(8).
+#auth          sufficient      pam_ssh.so              no_warn try_first_pass
 auth           required        pam_unix.so             no_warn try_first_pass
 
 # account
@@ -16,5 +17,6 @@
 
 # session
 # XXX pam_lastlog.so?
-session        optional        pam_ssh.so
+# pam_ssh has potential security risks.  See pam_ssh(8).
+#session       optional        pam_ssh.so
 session                required        pam_permit.so