3.7.1P2, PermitRootLogin and PAM with hidden NISplus passwords

Damien Miller djm at mindrot.org
Tue Nov 18 10:50:01 EST 2003

Edgar, Bob wrote:

> What all of the above means in terms of OpenSSH is that
> PasswordAuthentication will not function and that UsePAM is required.
> While this functions properly for normal users it has one very negative
> security implication with respect to root logins:  PermitRootLogin is
> not respected when UsePAM is in effect. I submit that ignoring the 
> PermitRootLogin directive is counter intuitive and that doing so opens
> a serious security hole for the unwary. As this behavior is documented
> it can be considered a feature but I would like to propose that this
> decision be revisited in light of the above.

What is the problem with PermitRootLogin and UsePAM=yes? It works fine
for me.


More information about the openssh-unix-dev mailing list