PAMAuthenticationViaKbdInt and KeyAuth
Markus Friedl
markus at openbsd.org
Wed Jun 26 00:58:50 EST 2002
PAMAuthenticationViaKbdInt
Specifies whether PAM challenge response authentication is al-
lowed. This allows the use of most PAM challenge response authen-
tication modules, but it will allow password authentication re-
gardless of whether PasswordAuthentication is yes, the password
provided by the user will be validated through the Kerberos KDC.
To use this option, the server needs a Kerberos servtab which al-
lows the verification of the KDC's identity. Default is ``no''.
On Tue, Jun 25, 2002 at 03:20:12PM +0200, Stephan Mueller wrote:
> Hi there,
>
> when enabling the option PAMAuthenticationViaKbdInt, a login with password is
> always possible, even though when you disabled it with PasswordAuthentication
> no and PermitRootLogin without-password!
>
> Is this intended? Why is there no documentation about this (or at least a
> waring in the default configuration file)?
>
> The problem is, it is enabled in the default installation of Debian OpenSSH
> packages!
>
> Thanks
> Stephan
> --
> Stephan Müller Stephan.Mueller at atsec.com
> Whenever you eliminate the impossible, whatever
> remains, however improbable, must be the truth.
>
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
More information about the openssh-unix-dev
mailing list