- (djm) Add new UsePAM configuration directive to allow runtime control

over usage of PAM. This allows non-root use of sshd when built with --with-pam
author: Damien Miller <djm@mindrot.org> 2003-05-14 15:11:48 +1000
committer: Damien Miller <djm@mindrot.org> 2003-05-14 15:11:48 +1000
commit: 4e448a31ae12e6f84caa7cdfc8b4c23db92459db (patch)
tree: 8f4c0885c8c91456b4d27d7f405e9125b83491a4 /sshd_config.5
parent: 9c617693c2250c62e5e326372bc783e3416a94b0 (diff)
download: openssh-git-4e448a31ae12e6f84caa7cdfc8b4c23db92459db.tar.gz
1 files changed, 9 insertions, 6 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index 31ef3996..1278cb61 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -422,12 +422,15 @@ The probability increases linearly and all connection attempts
 are refused if the number of unauthenticated connections reaches
 .Dq full
 (60).
-.It Cm PAMAuthenticationViaKbdInt
-Specifies whether PAM challenge response authentication is allowed. This
-allows the use of most PAM challenge response authentication modules, but
-it will allow password authentication regardless of whether
-.Cm PasswordAuthentication
-is enabled.
+
+.It Cm UsePAM
+Enables PAM authentication (via challenge-response) and session set up. 
+If you enable this, you should probably disable 
+.Cm PasswordAuthentication .
+If you enable 
+.CM UsePAM
+then you will not be able to run sshd as a non-root user.
+
 .It Cm PasswordAuthentication
 Specifies whether password authentication is allowed.
 The default is
author	Damien Miller <djm@mindrot.org>	2003-05-14 15:11:48 +1000
committer	Damien Miller <djm@mindrot.org>	2003-05-14 15:11:48 +1000
commit	4e448a31ae12e6f84caa7cdfc8b4c23db92459db (patch)
tree	8f4c0885c8c91456b4d27d7f405e9125b83491a4 /sshd_config.5
parent	9c617693c2250c62e5e326372bc783e3416a94b0 (diff)
download	openssh-git-4e448a31ae12e6f84caa7cdfc8b4c23db92459db.tar.gz