Questions about sshd_config man page and comments in the file

ponraj tryponraj at gmail.com
Thu Feb 23 18:25:13 EST 2006


Hi,

I have two problems when I went through a) the man page of sshd_config and 
b) the comments quoted in sshd_config file itself. They are given below.

a)
From the man page of sshd_config:
"If UsePAM is enabled, you will not be able to run sshd(8) as a 
non-privileged user."

I changed the permission of the hostkeys to a non-privileged user and tried 
to run sshd along with "UsePAM=yes" in one of the non-privileged ports. sshd 
was successfully initiated but it failed to handle client's connection 
request. Is this the behaviour highlighted in the man page?

b) Comments in sshd_config file:

  # Set this to 'yes' to enable PAM authentication, account processing,
  # and session processing. If this is enabled, PAM authentication will
  # be allowed through the ChallengeResponseAuthentication mechanism.
  # Depending on your PAM configuration, this may bypass the setting of
  # PasswordAuthentication, PermitEmptyPasswords, and
  # "PermitRootLogin without-password". If you just want the PAM account and
  # session checks to run without PAM authentication, then enable this but set
  # ChallengeResponseAuthentication=no

sshd has been started along with the following command-line configuration 
settings.
        # /opt/ssh/sbin/sshd -o "usepam yes" -o "challengeresponseauthentication no" -o "kerberosauthentication no" -o "passwordauthentication yes" -o "kerberosorlocalpasswd no"
Authentication, Password management modules were set to "libpam_krb5.so.1" 
and Session, Account management modules were set to "libpam_unix.so.1" in PAM 
configuration file.

During the ssh connection, the Kerberos password succeeded when the ssh client 
was prompted for a password. This violates the steps commented in sshd_config 
file. Can anyone clarify this?

I am using OpenSSH-4.2p1 compiled with OpenSSL 0.9.7i.

--
Ponraj M
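
Added example, not part of the original post and not OpenSSH code: a Python check that reads the -o overrides from the command line in the post and lists which SSH authentication methods still hand the user's secret to the PAM auth stack. It assumes upstream defaults for unset options and that portable sshd validates PasswordAuthentication passwords through PAM when UsePAM is yes; the function names are hypothetical.

```python
import shlex

# Upstream OpenSSH defaults for the options involved (assumption: the
# build does not change them; vendor packages sometimes do).
DEFAULTS = {
    "usepam": "no",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
}


def parse_o_options(cmdline):
    """Collect -o "key value" / -o key=value overrides from an sshd command line."""
    opts = {}
    argv = shlex.split(cmdline)
    for i, arg in enumerate(argv):
        if arg == "-o" and i + 1 < len(argv):
            key, _, value = argv[i + 1].replace("=", " ", 1).partition(" ")
            # Keep the first value given for a keyword (keywords are case-insensitive).
            opts.setdefault(key.strip().lower(), value.strip().lower())
    return opts


def pam_auth_paths(opts):
    """Return the SSH auth methods whose secret is checked by the PAM auth stack."""
    eff = {**DEFAULTS, **opts}
    if eff["usepam"] != "yes":
        return []
    paths = []
    if eff["passwordauthentication"] == "yes":
        paths.append("password")              # password is passed to PAM auth modules
    if eff["challengeresponseauthentication"] == "yes":
        paths.append("keyboard-interactive")  # PAM conversation drives the prompts
    return paths


# Command line as given in the post (shell prompt removed).
POSTED = ('/opt/ssh/sbin/sshd -o "usepam yes" -o "challengeresponseauthentication no" '
          '-o "kerberosauthentication no" -o "passwordauthentication yes" '
          '-o "kerberosorlocalpasswd no"')

if __name__ == "__main__":
    print(pam_auth_paths(parse_o_options(POSTED)))
```

For the posted settings the result still contains "password", so the module configured for PAM authentication (libpam_krb5.so.1 in the post) is the one that checks the password typed at the prompt.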




 




More information about the openssh-unix-dev mailing list