summaryrefslogtreecommitdiff
path: root/sshd_config
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2004-05-23 11:47:58 +1000
committerDamien Miller <djm@mindrot.org>2004-05-23 11:47:58 +1000
commit701d0514ee3ffc5e8fde36bb0559709490407053 (patch)
tree1b1273c29359991916c0687ccd4471d78c5e39eb /sshd_config
parent991d95f4125ca1ce40bb7d469b69b1e174b78967 (diff)
downloadopenssh-git-701d0514ee3ffc5e8fde36bb0559709490407053.tar.gz
- (djm) Explain consequences of UsePAM=yes a little better in sshd_config;
ok dtucker@
Diffstat (limited to 'sshd_config')
-rw-r--r--sshd_config11
1 files changed, 8 insertions, 3 deletions
diff --git a/sshd_config b/sshd_config
index b45c8c56..2b8d9f69 100644
--- a/sshd_config
+++ b/sshd_config
@@ -67,9 +67,14 @@
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
-# Set this to 'yes' to enable PAM authentication (via challenge-response)
-# and session processing. Depending on your PAM configuration, this may
-# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords'
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication mechanism.
+# Depending on your PAM configuration, this may bypass the setting of
+# PasswordAuthentication, PermitEmptyPasswords, and
+# "PermitRootLogin without-password". If you just want the PAM account and
+# session checks to run without PAM authentication, then enable this but set
+# ChallengeResponseAuthentication=no
#UsePAM no
#AllowTcpForwarding yes