[Bug 1410] Correct UsePAM comment in sshd_config on Mac OS X
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sat Dec 29 02:56:48 EST 2007
https://bugzilla.mindrot.org/show_bug.cgi?id=1410
--- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2007-12-29 02:56:46 ---
(From update of attachment 1405)
>-# To disable tunneled clear text passwords, change to no here!
>+# To disable tunneled clear text passwords, change to no here! Also,
>+# remember to set the UsePAM setting to 'no'.
> #PasswordAuthentication yes
> #PermitEmptyPasswords no
What is the meaning of this change? What does UsePam=no have to do
with whether or
not PasswordAuthentication is enabled?
It might be referring to ChallengeResponseAuthentication which looks
similar to a casual observer, but there is already text in sshd_config
and sshd(8) that covers that.
>@@ -78,7 +79,10 @@
> # If you just want the PAM account and session checks to run without
> # PAM authentication, then enable this but set PasswordAuthentication
> # and ChallengeResponseAuthentication to 'no'.
>+# Also, PAM will deny null passwords by default. If you need to allow
>+# null passwords, add the " nullok" option to the end of the
>+# securityserver.so line in /etc/pam.d/sshd.
That is very platform specific. I would probably be OK with adding a
comment in platform-neutral language to the UsePAM section that
mentions this.
>-#UsePAM no
>+#UsePAM yes
That is documenting a local change, and I don't think we want to change
the default.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list