diff options
author | Darren Tucker <dtucker@zip.com.au> | 2004-05-13 16:51:40 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2004-05-13 16:51:40 +1000 |
commit | 1dcff9a3a8891db8d7fce77e43e675ce60e0fe44 (patch) | |
tree | 118f07e3092ac723ffde11caff628e2214ed6fec /sshd_config.5 | |
parent | a86b453bb3282bac162693dc7366286c7334a91f (diff) | |
download | openssh-git-1dcff9a3a8891db8d7fce77e43e675ce60e0fe44.tar.gz |
- (dtucker) [sshd.8] Bug #843: Add warning about PasswordAuthentication to
UsePAM section. Parts from djm@ and jmc@.
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index f8aa0f2f..05558c56 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -624,12 +624,25 @@ If .Cm UsePrivilegeSeparation is specified, it will be disabled after authentication. .It Cm UsePAM -Enables PAM authentication (via challenge-response) and session set up. -If you enable this, you should probably disable -.Cm PasswordAuthentication . -If you enable -.CM UsePAM -then you will not be able to run sshd as a non-root user. The default is +Enables the Pluggable Authentication Module interface. +If set to +.Dq yes +this will enable PAM authentication using +.Cm ChallengeResponseAuthentication +and PAM account and session module processing for all authentication types. +.Pp +Because PAM challenge-response authentication usually serves an equivalent +role to password authentication, you should disable either +.Cm PasswordAuthentication +or +.Cm ChallengeResponseAuthentication. +.Pp +If +.Cm UsePAM +is enabled, you will not be able to run +.Xr sshd 8 +as a non-root user. +The default is .Dq no . .It Cm UsePrivilegeSeparation Specifies whether |