Re: upstart: please update to latest upstream version
Tollef Fog Heen <firstname.lastname@example.org> writes:
> ]] Russ Allbery
>> Er, "UsePAM no"?
> That's «changing sshds configuration» which for most people is on a
> completely different scale than patching the application itself. UsePAM
> yes is also the default nowadays.
That reduces the scope of affected users, but it doesn't eliminate the
problem. It means that anyone installing systemd needs to be aware that
they need to convert ssh to use PAM if it isn't currently, which is an
There will be similar problems with, for example, Kerberos klogind (and
there I'm not sure it even has PAM support).
> You can use PAM sessions without using PAM auth, for instance if you're
> using key authentication.
Yes, I know. But they previously haven't done much useful for you, so
it's not unreasonable to turn it off. Turning off unused features in a
security interface is usually good practice.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>