Date: Fri, 27 Sep 2002 17:54:34 -0400 From: Chris Johnson <dcj-dated-1033163462.npbbkdfc@palomine.net> To: Archie Cobbs <archie@dellroad.org> Cc: freebsd-stable@freebsd.org Subject: Re: sshd_config vs. PAM Message-ID: <20020927215434.GA94394@palomine.net> In-Reply-To: <200209272135.g8RLZ3We005877@arch20m.dellroad.org> References: <200209272135.g8RLZ3We005877@arch20m.dellroad.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--VbJkn9YxBvnuCH5J
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Sep 27, 2002 at 02:35:03PM -0700, Archie Cobbs wrote:
> Yow! I was surprised to notice that setting these parameters:
>=20
> PasswordAuthentication no
> PermitRootLogin without-password
>=20
> in /etc/ssh/sshd_config have absolutely NO effect!
>=20
> This is because now /etc/pam.conf seems to control everything (?)
According to sshd_config(5):
PAMAuthenticationViaKbdInt
Specifies whether PAM challenge response authentication is
allowed. This allows the use of most PAM challenge response
authentication modules, but it will allow password authenticat=
ion
regardless of whether PasswordAuthentication is enabled.
It seems, however, that it's the ChallengeResponseAuthentication setting th=
at
controls whether PAM authentication is enabled, and apparently its being se=
t to
"yes" causes the behavior you're seeing.
Chris Johnson
--VbJkn9YxBvnuCH5J
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)
iD8DBQE9lNOYPC78Lz4X/PARAjlXAJ4lPuAya1X/3Z0JoU8BQI2vAyqnfgCdGbhW
gfsbwzebSsl1VY+UkqJQXDs=
=6Ijn
-----END PGP SIGNATURE-----
--VbJkn9YxBvnuCH5J--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020927215434.GA94394>