For OpenSSH_3.7p1, if one does NOT use the "--with-pam" configuration option, setting the default "#UsePAM yes" flag in sshd_config to "UsePam no" will cause the following error: init.d [111]# ./openssh start /etc/ssh/sshd_config line 75: Unsupported option UsePAM However, if one does use the "--with-pam" configuration option, setting the flag "UsePam no" is acceptable. Seems a bit confusing to me. Perhaps "#UsePAM no" should be the default? Thanks.
Created attachment 422 [details] Set options->use_pam to 0 if USE_PAM is not set On a related note, options.use_pam is set even unless overridden by the UsePAM directive, which doesn't happen if PAM support isn't compiled in. This means, for example, that things like this (from auth.c) don't happen when PAM support is disabled: #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) if (!options.use_pam) spw = getspnam(pw->pw_name); Hey! That might be the cause of some of our mystery segfaults on Solaris 2.6!
Maybe it should just default to 0
That was my first thought, but most of the options go through this "-1 = unset" -> set from config -> apply default if -1 process. I assumed there was a reason for it, so left it that way.
As of 3.7.1p2 UsePAM defaults to "no".
Mass change of RESOLVED bugs to CLOSED