tech-security archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: sshd_config and pam...
On Wed, 29 Jul 2009, Darren Reed wrote:
> I don't know if this is known or not, but it appears that enabling PAM
> in your sshd_conf file makes entries such as "PasswordAuthentication"
> meaningless. With PAM enabled, I was able to login with ssh using a
> password even with the aforementioned setting at "no".
Right. You were using PAM's idea of password authentication, not sshd's
idea of password authentication.
I wish there was a single setting like
"AllowedAuthentications=pubkey,kerberos" so I don't have to RTFM every
time I install a new version of ssh to find out whether I need to add
another "FooAuthentication no" line.
> Is it worthwhile adding some sort of warning to sshd that spits out a
> message of some sort about this if UsePAM is set to yes and there
> are other authentication driven directives present and not commented
> out?
I don't care either way about a warning in the syslog or stderr, but I'd
like to see clear warnings in the documentation for UsePAM.
--apb (Alan Barrett)
Home |
Main Index |
Thread Index |
Old Index