[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#109846: sshd: Disable PAM if you do not want to use passwords

On 4/24/05, Ludovic Rousseau <ludovic.rousseau@free.fr> wrote:
> Hello,
<snip>

Hello,

ummm, are they the same? I don't think so.

What happens if you do this:

   PasswordAuthentication yes
   UsePAM no

instead of

>   PasswordAuthentication no
>   UsePAM no
> then passwords are effectively disabled.

I'm guessing that sshd will work by checking your password, by itself,
from /etc/passwd. But most of us with other systems for
authentication, say pam_mysql, pam_ldap, just to name a few. Those
won't be able to login to the system.

So, these two options are related, but they are not the same.

However, I'm with you in that a Note should exist in the Debian README
file saying that pam_unix in /etc/pam.d/ssh with authenticate against
/etc/passwd also. So, if you want to disable password authentication
completely, you must set UsePAM to no, as well as the older method of
authentication. For some reason this sounds to me like an obvious
thing to know (especially by experienced sysadmins). However, I see
your point.

-- 
----)(----- 
Luis M
System Administrator
Kiskeyix.org 

"We think basically you watch television to turn your brain off, and
you work on your computer when you want to turn your brain on" --
Steve Jobs in an interview for MacWorld Magazine 2004-Feb

No .doc: http://www.fsf.org/philosophy/no-word-attachments.es.html
Reply to: