Christoph Anton Mitterer <cales...@scientia.net> writes:

> For the OpenSSH server this is dependent on wheter UseLogin and/or
> UsePAM directives are being used or not, the later which has a
> configuration file default of "yes" in Debian (but not in upstream's
> default config or default value).

I think UsePAM yes is the only sane default for Debian, though, and people
who choose to change that default are legitimately on their own.  It's way
too hard to try to cope with all the odd things that can happen when PAM
has been disabled.  If you set this to no, you don't even get session and
account handling, so you lose Kerberos ticket setup, may lose account
locking and expiration, and all sorts of other stuff that is managed via
PAM.

-- 
Russ Allbery (r...@debian.org)               <http://www.eyrie.org/~eagle/>


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/8761cregcb....@hope.eyrie.org

Reply via email to