bugzilla-daemon at mindrot.org
2004-Apr-28 16:49 UTC
[Bug 853] PAM auth needs ChallengeResponseAuthentication enabled
http://bugzilla.mindrot.org/show_bug.cgi?id=853

Summary: PAM auth needs ChallengeResponseAuthentication enabled
Product: Portable OpenSSH
Version: 3.8.1p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P5
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: leg at terra.com.br

With "ChallengeResponseAuthentication no" on sshd_config, PAM authentication is completely disabled. Most users won't realize it because sshd falls back to shadow auth, but additional restrictions on PAM conf will not work.

You can confirm this behavior by enabling/disabling ChallengeResponseAuthentication and requiring pam_deny.so for sshd auth.

It was working on versions up to 3.7.1p2.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Apr-28 21:46 UTC
[Bug 853] PAM auth needs ChallengeResponseAuthentication enabled
http://bugzilla.mindrot.org/show_bug.cgi?id=853

------- Additional Comments From djm at mindrot.org 2004-04-29 07:46 -------
Additional PAM restrictions are still enabled, just not the PAM "password" restrictions. I.e. account and session controls are still enforced.

Besides, the comment for UsePAM in sshd_config is fairly clear (though not completely explicit):

# Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing. Depending on your PAM configuration, this may
# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords'
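
The combination discussed in the two messages above can be checked mechanically. This is an added example, not part of the bug report or of OpenSSH: it encodes the behaviour as the thread describes it for 3.8.1p1, and the keyword defaults, the first-occurrence-wins parsing and the finding codes are assumptions of the example.

```python
# Added example: flags the sshd_config combination reported in Bug 853.
# DEFAULTS are assumptions (the documented sshd_config(5) defaults).
DEFAULTS = {
    "usepam": "no",
    "challengeresponseauthentication": "yes",
    "passwordauthentication": "yes",
}

def effective_settings(config_text):
    """Resolve the keywords of interest; sshd keeps the first value it reads."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()  # keywords are case-insensitive
        if key in DEFAULTS and len(parts) == 2:
            settings.setdefault(key, parts[1].strip().lower())
    return {k: settings.get(k, v) for k, v in DEFAULTS.items()}

def audit(config_text):
    """Return (code, message) findings for the behaviour described in the thread."""
    s = effective_settings(config_text)
    findings = []
    if s["usepam"] != "yes":
        findings.append(("PAM_OFF", "UsePAM is not 'yes': sshd does not use PAM"))
    elif s["challengeresponseauthentication"] != "yes":
        findings.append(("PAM_AUTH_SKIPPED",
            "PAM auth stack is not consulted; account and session stacks still are"))
        if s["passwordauthentication"] == "yes":
            findings.append(("PASSWORD_BYPASSES_PAM_AUTH",
                "password logins are checked outside PAM, so auth rules "
                "(e.g. a required pam_deny.so) are not enforced"))
    return findings

# Constructed sample configs, not taken from the bug report.
REPORTED = """\
# sshd_config
UsePAM yes
challengeresponseauthentication no
ChallengeResponseAuthentication yes
"""
PAM_ENFORCED = "UsePAM yes\nChallengeResponseAuthentication yes\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("REPORTED", REPORTED), ("PAM_ENFORCED", PAM_ENFORCED)):
        print(name, [code for code, _ in audit(text)] or "ok")
```
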