PAMAuthenticationViaKbdInt and KeyAuth

Markus Friedl markus at openbsd.org
Wed Jun 26 00:58:50 EST 2002


     PAMAuthenticationViaKbdInt
             Specifies whether PAM challenge response authentication is al-
             lowed. This allows the use of most PAM challenge response authen-
             tication modules, but it will allow password authentication re-
             gardless of whether PasswordAuthentication is yes, the password
             provided by the user will be validated through the Kerberos KDC.
             To use this option, the server needs a Kerberos servtab which al-
             lows the verification of the KDC's identity.  Default is ``no''.


On Tue, Jun 25, 2002 at 03:20:12PM +0200, Stephan Mueller wrote:
> Hi there,
> 
> when enabling the option PAMAuthenticationViaKbdInt, a login with password is 
> always possible, even though when you disabled it with PasswordAuthentication 
> no and PermitRootLogin without-password!
> 
> Is this intended? Why is there no documentation about this (or at least a 
> waring in the default configuration file)?
> 
> The problem is, it is enabled in the default installation of Debian OpenSSH 
> packages!
> 
> Thanks
> Stephan
> -- 
> Stephan Müller                   Stephan.Mueller at atsec.com
> Whenever you eliminate the impossible, whatever
>                remains, however improbable, must be the truth.
> 
> 
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev



More information about the openssh-unix-dev mailing list