[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-stable
Subject: Re: sshd_config vs. PAM
From: "Jamie Heckford" <jamie () jamiesdomain ! org ! uk>
Date: 2002-09-30 11:19:21
[Download RAW message or body]
I would very much like to see ssh completely detached from PAM, and have the PAM ties as an option you have to enable as opposed to
it being the default.
----- Original Message -----
From: "Archie Cobbs" <archie@dellroad.org>
To: <freebsd-stable@FreeBSD.ORG>
Sent: Friday, September 27, 2002 10:35 PM
Subject: sshd_config vs. PAM
> Yow! I was surprised to notice that setting these parameters:
>
> PasswordAuthentication no
> PermitRootLogin without-password
>
> in /etc/ssh/sshd_config have absolutely NO effect!
>
> This is because now /etc/pam.conf seems to control everything (?)
>
> This seems to violate POLA in a very dangerous way. Nor is this
> documented anywhere in the ssh man pages... in fact, they lie and
> tell you that these options increase security.
>
> I recommend that we either detach sshd from PAM, or else stop
> documenting and pretending that /etc/ssh/sshd_config actually
> controls this stuff.
>
> -Archie
>
> __________________________________________________________________________
> Archie Cobbs * Packet Design * http://www.packetdesign.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
>
--
____________________________________________________
Message scanned for viruses and dangerous content by
<http://www.newnet.co.uk/av/> and believed to be clean
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic