bugzilla-daemon at mindrot.org
2004-Apr-28 16:49 UTC
[Bug 853] PAM auth needs ChallengeResponseAuthentication enabled
http://bugzilla.mindrot.org/show_bug.cgi?id=853 Summary: PAM auth needs ChallengeResponseAuthentication enabled Product: Portable OpenSSH Version: 3.8.1p1 Platform: All OS/Version: Linux Status: NEW Severity: minor Priority: P5 Component: PAM support AssignedTo: openssh-bugs at mindrot.org ReportedBy: leg at terra.com.br With "ChallengeResponseAuthentication no" on sshd_config, PAM authentication is completely disabled. Most users won't realize it because sshd fallbacks to shadow auth, but aditional restrictions on PAM conf will not work. You can confirm this behavior by enabling/disabling ChallengeResponseAuthentication and requiring pam_deny.so for sshd auth. It was working on versions up to 3.7.1p2 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Apr-28 21:46 UTC
[Bug 853] PAM auth needs ChallengeResponseAuthentication enabled
http://bugzilla.mindrot.org/show_bug.cgi?id=853 ------- Additional Comments From djm at mindrot.org 2004-04-29 07:46 ------- Additional PAM restrictions are still enabled, just not the PAM "password" restrictions. I.e. account and session controls are still enforced. Besides, the comment for UsePAM in sshd_config is fairly clear (though not completely explicit): # Set this to 'yes' to enable PAM authentication (via challenge-response) # and session processing. Depending on your PAM configuration, this may # bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords' ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Seemingly Similar Threads
- PAM auth stage rejection not working
- Questions about sshd_config man page and comments in the file
- openssh-4.2p1 + Pam question !
- [Bug 2475] New: Login failure when PasswordAuthentication, ChallengeResponseAuthentication, and PermitEmptyPasswords are all enabled
- AuthorizedKeysFile with default value prevents Public/Private key authentication