Attachment 624 Details for Bug 843 – Add detail to UsePAM section of sshd_config

[patch] Add detail to UsePAM section of sshd_config

openssh-man-pam.patch (text/plain), 1.33 KB, created by Darren Tucker on 2004-05-03 19:21:01 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: Darren Tucker

Created: 2004-05-03 19:21:01 AEST

Size: 1.33 KB

patch

obsolete

>Index: sshd_config.5
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshd_config.5,v
>retrieving revision 1.35
>diff -u -p -r1.35 sshd_config.5
>--- sshd_config.5	2 May 2004 12:13:20 -0000	1.35
>+++ sshd_config.5	3 May 2004 09:13:58 -0000
>@@ -624,12 +624,30 @@ If
> .Cm UsePrivilegeSeparation
> is specified, it will be disabled after authentication.
> .It Cm UsePAM
>-Enables PAM authentication (via challenge-response) and session set up.
>-If you enable this, you should probably disable
>-.Cm PasswordAuthentication .
>-If you enable
>-.CM UsePAM
>-then you will not be able to run sshd as a non-root user.  The default is
>+Enables the Pluggable Authentication Module interface.  To authenticate via
>+PAM you must use
>+.Cm ChallengeResponseAuthentication
>+(keyboard-interactive for SSHv2, TIS for SSHv1) so you should also set
>+.Cm PasswordAuthentication
>+to
>+.Dq no .
>+.Pp
>+If
>+.Cm UsePAM
>+and
>+.Cm PasswordAuthentication
>+are both enabled, then users may authenticate via the native password
>+mechanism, bypassing the PAM
>+.Ar auth
>+module.  In such a case, the PAM
>+.Ar account
>+and
>+.Ar session
>+modules will still be checked.
>+.Pp
>+If
>+.Cm UsePAM
>+is enabled you will not be able to run sshd as a non-root user.  The default is
> .Dq no .
> .It Cm UsePrivilegeSeparation
> Specifies whether

Actions: View | Diff

Attachments on bug 843: 624 | 625 | 632