[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freebsd-stable
Subject:    Re: sshd_config vs. PAM
From:       "Jamie Heckford" <jamie () jamiesdomain ! org ! uk>
Date:       2002-09-30 11:19:21
[Download RAW message or body]

I would very much like to see ssh completely detached from PAM, and have the PAM ties as an option you have to enable as opposed to
it being the default.

----- Original Message -----
From: "Archie Cobbs" <archie@dellroad.org>
To: <freebsd-stable@FreeBSD.ORG>
Sent: Friday, September 27, 2002 10:35 PM
Subject: sshd_config vs. PAM


> Yow! I was surprised to notice that setting these parameters:
>
>    PasswordAuthentication no
>    PermitRootLogin without-password
>
> in /etc/ssh/sshd_config have absolutely NO effect!
>
> This is because now /etc/pam.conf seems to control everything (?)
>
> This seems to violate POLA in a very dangerous way.  Nor is this
> documented anywhere in the ssh man pages... in fact, they lie and
> tell you that these options increase security.
>
> I recommend that we either detach sshd from PAM, or else stop
> documenting and pretending that /etc/ssh/sshd_config actually
> controls this stuff.
>
> -Archie
>
> __________________________________________________________________________
> Archie Cobbs     *     Packet Design     *     http://www.packetdesign.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
>


-- 
____________________________________________________
Message scanned for viruses and dangerous content by
<http://www.newnet.co.uk/av/> and believed to be clean


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
[prev in list] [next in list] [prev in thread] [next in thread]