diff options
author | Damien Miller <djm@mindrot.org> | 2004-05-23 11:47:58 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2004-05-23 11:47:58 +1000 |
commit | 701d0514ee3ffc5e8fde36bb0559709490407053 (patch) | |
tree | 1b1273c29359991916c0687ccd4471d78c5e39eb /sshd_config | |
parent | 991d95f4125ca1ce40bb7d469b69b1e174b78967 (diff) | |
download | openssh-git-701d0514ee3ffc5e8fde36bb0559709490407053.tar.gz |
- (djm) Explain consequences of UsePAM=yes a little better in sshd_config;
ok dtucker@
Diffstat (limited to 'sshd_config')
-rw-r--r-- | sshd_config | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/sshd_config b/sshd_config index b45c8c56..2b8d9f69 100644 --- a/sshd_config +++ b/sshd_config @@ -67,9 +67,14 @@ #GSSAPIAuthentication no #GSSAPICleanupCredentials yes -# Set this to 'yes' to enable PAM authentication (via challenge-response) -# and session processing. Depending on your PAM configuration, this may -# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords' +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication mechanism. +# Depending on your PAM configuration, this may bypass the setting of +# PasswordAuthentication, PermitEmptyPasswords, and +# "PermitRootLogin without-password". If you just want the PAM account and +# session checks to run without PAM authentication, then enable this but set +# ChallengeResponseAuthentication=no #UsePAM no #AllowTcpForwarding yes |