Re: Bug#271822: PermitRootLogin without-password actually does the same as PermitRootLogin yes

[Jonas Meurer <jonas@freesources.org>]

On 24/09/2004 Christian Guggenberger wrote:
> well, you can enable PAM, but you then need to disable ChallengeResponse Authentifiaction (enabled by default).
> This will prevent root logins with password when 'without-password' is set.
> Keep in mind that in this case passwords will go encrypted over the net.

well, i forgot ...
you _always_ have to turn on PasswordAuthentication, to still allow
normal users logins, that's the relevant point. the setting of
ChallengeResponseAuthentification doesn't matter for that issue.

it matters only for the issue whether root still is able to login with
his plain password.

and that's the confusing part, when i set UsePAM to yes,
ChallengeResponseAuthentification to no, and PermitRootLogin to
without-password, i expect root password login to be denied, but not
normal user password logins.
anyway, to make it work, you have to set PasswordAuthentication.

bye
 jonas