Date: Fri, 27 Sep 2002 17:54:34 -0400 From: Chris Johnson <dcj-dated-1033163462.npbbkdfc@palomine.net> To: Archie Cobbs <archie@dellroad.org> Cc: freebsd-stable@freebsd.org Subject: Re: sshd_config vs. PAM Message-ID: <20020927215434.GA94394@palomine.net> In-Reply-To: <200209272135.g8RLZ3We005877@arch20m.dellroad.org> References: <200209272135.g8RLZ3We005877@arch20m.dellroad.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On Fri, Sep 27, 2002 at 02:35:03PM -0700, Archie Cobbs wrote:
> Yow! I was surprised to notice that setting these parameters:
>
> PasswordAuthentication no
> PermitRootLogin without-password
>
> in /etc/ssh/sshd_config have absolutely NO effect!
>
> This is because now /etc/pam.conf seems to control everything (?)
According to sshd_config(5):
PAMAuthenticationViaKbdInt
Specifies whether PAM challenge response authentication is
allowed. This allows the use of most PAM challenge response
authentication modules, but it will allow password authentication
regardless of whether PasswordAuthentication is enabled.
It seems, however, that it's the ChallengeResponseAuthentication setting that
controls whether PAM authentication is enabled, and apparently its being set to
"yes" causes the behavior you're seeing.
Chris Johnson
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)
iD8DBQE9lNOYPC78Lz4X/PARAjlXAJ4lPuAya1X/3Z0JoU8BQI2vAyqnfgCdGbhW
gfsbwzebSsl1VY+UkqJQXDs=
=6Ijn
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020927215434.GA94394>