sshd_config and pam...

To: tech-security%netbsd.org@localhost
Subject: sshd_config and pam...
From: Darren Reed <darrenr%netbsd.org@localhost>
Date: Wed, 29 Jul 2009 22:49:27 -0700

I don't know if this is known or not, but it appears that enabling PAM
in your sshd_conf file makes entries such as "PasswordAuthentication"
meaningless. With PAM enabled, I was able to login with ssh using a
password even with the aforementioned setting at "no".

Is it worthwhile adding some sort of warning to sshd that spits out a
message of some sort about this if UsePAM is set to yes and there
are other authentication driven directives present and not commented
out?

Darren

Follow-Ups:
- Re: sshd_config and pam...
  - From: Alan Barrett
- Re: sshd_config and pam...
  - From: Soren Jacobsen

Prev by Date: NetBSD Security Advisory 2009-013: BIND named dynamic update Denial of Service vulnerability
Next by Date: Re: sshd_config and pam...
Previous by Thread: NetBSD Security Advisory 2009-013: BIND named dynamic update Denial of Service vulnerability
Next by Thread: Re: sshd_config and pam...
Indexes:

Home | Main Index | Thread Index | Old Index