diff options
author | Damien Miller <djm@mindrot.org> | 2003-05-14 15:11:48 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2003-05-14 15:11:48 +1000 |
commit | 4e448a31ae12e6f84caa7cdfc8b4c23db92459db (patch) | |
tree | 8f4c0885c8c91456b4d27d7f405e9125b83491a4 /sshd_config.5 | |
parent | 9c617693c2250c62e5e326372bc783e3416a94b0 (diff) | |
download | openssh-git-4e448a31ae12e6f84caa7cdfc8b4c23db92459db.tar.gz |
- (djm) Add new UsePAM configuration directive to allow runtime control
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 31ef3996..1278cb61 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -422,12 +422,15 @@ The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches .Dq full (60). -.It Cm PAMAuthenticationViaKbdInt -Specifies whether PAM challenge response authentication is allowed. This -allows the use of most PAM challenge response authentication modules, but -it will allow password authentication regardless of whether -.Cm PasswordAuthentication -is enabled. + +.It Cm UsePAM +Enables PAM authentication (via challenge-response) and session set up. +If you enable this, you should probably disable +.Cm PasswordAuthentication . +If you enable +.CM UsePAM +then you will not be able to run sshd as a non-root user. + .It Cm PasswordAuthentication Specifies whether password authentication is allowed. The default is |