3.7.1P2, PermitRootLogin and PAM with hidden NISplus passwords
Damien Miller
djm at mindrot.org
Tue Nov 18 10:50:01 EST 2003
Edgar, Bob wrote:
> What all of the above means in terms of OpenSSH is that
> PasswordAuthentication will not function and that UsePAM is required.
> While this functions properly for normal users it has one very negative
> security implication with respect to root logins: PermitRootLogin is
> not respected when UsePAM is in effect. I submit that ignoring the
> PermitRootLogin directive is counter intuitive and that doing so opens
> a serious security hole for the unwary. As this behavior is documented
> it can be considered a feature but I would like to propose that this
> decision be revisited in light of the above.
What is the problem with PermitRootLogin and UsePAM=yes? It works fine
for me.
-d
More information about the openssh-unix-dev
mailing list