diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | sshd_config | 11 |
2 files changed, 13 insertions, 4 deletions
@@ -1,3 +1,7 @@ +20040523 + - (djm) Explain consequences of UsePAM=yes a little better in sshd_config; + ok dtucker@ + 20040513 - (dtucker) [configure.ac] Bug #867: Additional tests for res_query in libresolv, fixes problems detecting it on some platforms @@ -1118,4 +1122,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3355 2004/05/13 10:24:10 dtucker Exp $ +$Id: ChangeLog,v 1.3356 2004/05/23 01:47:58 djm Exp $ diff --git a/sshd_config b/sshd_config index b45c8c56..2b8d9f69 100644 --- a/sshd_config +++ b/sshd_config @@ -67,9 +67,14 @@ #GSSAPIAuthentication no #GSSAPICleanupCredentials yes -# Set this to 'yes' to enable PAM authentication (via challenge-response) -# and session processing. Depending on your PAM configuration, this may -# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords' +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication mechanism. +# Depending on your PAM configuration, this may bypass the setting of +# PasswordAuthentication, PermitEmptyPasswords, and +# "PermitRootLogin without-password". If you just want the PAM account and +# session checks to run without PAM authentication, then enable this but set +# ChallengeResponseAuthentication=no #UsePAM no #AllowTcpForwarding yes |