Bug#428968: changes needed to config

To: 428968@bugs.debian.org
Subject: Bug#428968: changes needed to config
From: Ryan Murray <rmurray@debian.org>
Date: Mon, 18 Jun 2007 16:39:22 -0700
Message-id: <[🔎] 20070618233922.GA25596@cyberhqz.com>
Reply-to: Ryan Murray <rmurray@debian.org>, 428968@bugs.debian.org

ssh 4.6p1 defaults to having challenge_response_authentication and
kbd_interaction_authentication to off.  The shipped config file does
not set either option by default.  This means that PAM is disabled by
default.  A KbdInteractiveAuthentication yes or
ChallengeResponseAuthentication yes is needed to enable PAM based
authentication.

Changing PasswordAuthentication enables non-PAM based password
authentication.  Doing this while UsePAM is set to yes ends up
disabling checks for locked accounts and shadow-based expiry, as well
as ignoring any sort of pam config you might have setup.

Reply to:

Follow-Ups:
- Bug#428968: changes needed to config
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Processed: Re: Bug#429531: chan_read_failed log spam
Next by Date: Bug#410599: openssh-server: scp dies with "fatal: buffer_append_space: alloc 10506240 not supported" when using control sockets and compression
Previous by thread: Bug#429531: marked as done (chan_read_failed log spam)
Next by thread: Bug#428968: changes needed to config
Index(es):
- Date
- Thread