- (djm) Explain consequences of UsePAM=yes a little better in sshd_config;

ok dtucker@
author: djm <djm> 2004-05-23 01:47:58 +0000
committer: djm <djm> 2004-05-23 01:47:58 +0000
commit: d465be4309ecfff910f11db4b74a5054e4a9cf04 (patch)
tree: b4c71ee4164075a43074267c49ab51f0cf1de658 /sshd_config
parent: bd574ae693e0e0c26d22853851359a7d873d1980 (diff)
download: openssh-d465be4309ecfff910f11db4b74a5054e4a9cf04.tar.gz
1 files changed, 8 insertions, 3 deletions
diff --git a/sshd_config b/sshd_config
index b45c8c56..2b8d9f69 100644
--- a/sshd_config
+++ b/sshd_config
@@ -67,9 +67,14 @@
 #GSSAPIAuthentication no
 #GSSAPICleanupCredentials yes
 
-# Set this to 'yes' to enable PAM authentication (via challenge-response)
-# and session processing. Depending on your PAM configuration, this may
-# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords'
+# Set this to 'yes' to enable PAM authentication, account processing, 
+# and session processing. If this is enabled, PAM authentication will 
+# be allowed through the ChallengeResponseAuthentication mechanism. 
+# Depending on your PAM configuration, this may bypass the setting of 
+# PasswordAuthentication, PermitEmptyPasswords, and 
+# "PermitRootLogin without-password". If you just want the PAM account and 
+# session checks to run without PAM authentication, then enable this but set 
+# ChallengeResponseAuthentication=no
 #UsePAM no
 
 #AllowTcpForwarding yes
author	djm <djm>	2004-05-23 01:47:58 +0000
committer	djm <djm>	2004-05-23 01:47:58 +0000
commit	d465be4309ecfff910f11db4b74a5054e4a9cf04 (patch)
tree	b4c71ee4164075a43074267c49ab51f0cf1de658 /sshd_config
parent	bd574ae693e0e0c26d22853851359a7d873d1980 (diff)
download	openssh-d465be4309ecfff910f11db4b74a5054e4a9cf04.tar.gz