Chaskiel M Grundman <[EMAIL PROTECTED]> writes: > Sam Hartman <[EMAIL PROTECTED]> wrote:
>> I'd certainly expect pam to be used for all password validation. If >> that's not true please give me info on how to reproduce. > reproduce? As far as I can tell, it never uses pam unless you use the > kbdint userauth mechanism.. I'm using ssh-krb5 with PAM here and I don't use that auth mechanism, so I know it does work. Perhaps you're missing UsePAM yes in your sshd configuration? Here is my configuration, which works with GSSAPI authentication and PAM as the fallback in 3.8.1p1-7: # /etc/ssh/sshd_config -- Configuration for subversion ssh daemon. # $Id: sshd_config,v 1.2 2005/04/13 22:29:45 eagle Exp $ Port 22 Protocol 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key. KeyRegenerationInterval 3600 ServerKeyBits 768 # Logging. SyslogFacility AUTH LogLevel INFO # Authentication. LoginGraceTime 600 StrictModes yes # Who can log on with what authentication methods. PermitRootLogin no RSAAuthentication no PubkeyAuthentication no IgnoreRhosts yes RhostsRSAAuthentication no HostbasedAuthentication no PermitEmptyPasswords no # Fall back to PAM. UsePAM yes PasswordAuthentication no # GSSAPI authentication. GSSAPIAuthentication yes GSSAPIKeyExchange yes GSSAPIUseSessionCredCache yes # Allow X forwarding. X11Forwarding yes X11DisplayOffset 10 # Miscellaneous settings. PrintMotd no KeepAlive yes # Support sftp. Subsystem sftp /usr/lib/sftp-server -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]