- (djm) Explain consequences of UsePAM=yes a little better in sshd_config;

ok dtucker@
author: Damien Miller <djm@mindrot.org> 2004-05-23 11:47:58 +1000
committer: Damien Miller <djm@mindrot.org> 2004-05-23 11:47:58 +1000
commit: 701d0514ee3ffc5e8fde36bb0559709490407053 (patch)
tree: 1b1273c29359991916c0687ccd4471d78c5e39eb /sshd_config
parent: 991d95f4125ca1ce40bb7d469b69b1e174b78967 (diff)
download: openssh-git-701d0514ee3ffc5e8fde36bb0559709490407053.tar.gz
1 files changed, 8 insertions, 3 deletions
diff --git a/sshd_config b/sshd_config
index b45c8c56..2b8d9f69 100644
--- a/sshd_config
+++ b/sshd_config
@@ -67,9 +67,14 @@
 #GSSAPIAuthentication no
 #GSSAPICleanupCredentials yes
 
-# Set this to 'yes' to enable PAM authentication (via challenge-response)
-# and session processing. Depending on your PAM configuration, this may
-# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords'
+# Set this to 'yes' to enable PAM authentication, account processing, 
+# and session processing. If this is enabled, PAM authentication will 
+# be allowed through the ChallengeResponseAuthentication mechanism. 
+# Depending on your PAM configuration, this may bypass the setting of 
+# PasswordAuthentication, PermitEmptyPasswords, and 
+# "PermitRootLogin without-password". If you just want the PAM account and 
+# session checks to run without PAM authentication, then enable this but set 
+# ChallengeResponseAuthentication=no
 #UsePAM no
 
 #AllowTcpForwarding yes
author	Damien Miller <djm@mindrot.org>	2004-05-23 11:47:58 +1000
committer	Damien Miller <djm@mindrot.org>	2004-05-23 11:47:58 +1000
commit	701d0514ee3ffc5e8fde36bb0559709490407053 (patch)
tree	1b1273c29359991916c0687ccd4471d78c5e39eb /sshd_config
parent	991d95f4125ca1ce40bb7d469b69b1e174b78967 (diff)
download	openssh-git-701d0514ee3ffc5e8fde36bb0559709490407053.tar.gz