Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenSSH>
  3. Bugs
[Bug 853] PAM auth needs ChallengeResponseAuthentication enabled
bugzilla-daemon at mindrot
Apr 28, 2004, 8:49 AM
Post #1 of 2 (68 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=853

Summary: PAM auth needs ChallengeResponseAuthentication enabled
Product: Portable OpenSSH
Version: 3.8.1p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P5
Component: PAM support
AssignedTo: openssh-bugs@mindrot.org
ReportedBy: leg@terra.com.br


With "ChallengeResponseAuthentication no" on sshd_config, PAM authentication is
completely disabled.
Most users won't realize it because sshd fallbacks to shadow auth, but aditional
restrictions on PAM conf will not work. You can confirm this behavior by
enabling/disabling ChallengeResponseAuthentication and requiring pam_deny.so for
sshd auth.

It was working on versions up to 3.7.1p2



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 853] PAM auth needs ChallengeResponseAuthentication enabled [ In reply to ]
bugzilla-daemon at mindrot
Apr 28, 2004, 1:46 PM
Post #2 of 2 (70 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=853





------- Additional Comments From djm@mindrot.org 2004-04-29 07:46 -------
Additional PAM restrictions are still enabled, just not the PAM "password"
restrictions. I.e. account and session controls are still enforced.

Besides, the comment for UsePAM in sshd_config is fairly clear (though not
completely explicit):

# Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing. Depending on your PAM configuration, this may
# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords'




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal