Nathan Dragun wrote:
> PasswordAuthentication is set to no by default, as enabling it causes
> cleartext password authentication (obviously defeating the point of
> encrypting it in the first place).
No, it doesn't. It defaults to Off because Debian wants SSH to use PAM
for system account authenti
but sshd.conf contains the needed
flags to limit the authentication methods
doing man sshd_config saids something like :
UsePAM = yes
PasswordAuthentication = no
might do the trick
PasswordAuthentication is set to no by default, as enabling it causes
cleartext password authentication
This one time, at band camp, Ernest jw ter Kuile said:
> On Tuesday 10 May 2005 17:46, Adam Skutt wrote:
> > Pete Harlan wrote:
> > > It would be nice if there were a way to have the pam module indicate,
> > > "this failed, and that's final", as distinct from, "this failed so try
> > > something el
On Tuesday 10 May 2005 17:46, Adam Skutt wrote:
> Pete Harlan wrote:
> > It would be nice if there were a way to have the pam module indicate,
> > "this failed, and that's final", as distinct from, "this failed so try
> > something else".
>
> There is. Mark the module "requisite", and a failure fr
Pete Harlan wrote:
> It would be nice if there were a way to have the pam module indicate,
> "this failed, and that's final", as distinct from, "this failed so try
> something else".
There is. Mark the module "requisite", and a failure from it will stop
the stack immediately.
Adam
--
To UNSUBS
Pete Harlan wrote:
> On Mon, May 09, 2005 at 10:16:24PM -0400, Adam Skutt wrote:
> > He didn't say there wasn't another way to do it, he said there was a
> security hole.
Hence I said, don't use it. There is another way to do what he wants
(more or less) that doesn't have this security hole assumi
On Tue, May 10, 2005 at 11:19:15AM -0400, Lennart Sorensen wrote:
> On Tue, May 10, 2005 at 10:09:59AM -0500, Pete Harlan wrote:
> > On Mon, May 09, 2005 at 10:16:24PM -0400, Adam Skutt wrote:
> > > Nathan Dragun wrote:
> > > > While setting up PAM in conjunction with SSH I included the following
>
On Tue, May 10, 2005 at 10:09:59AM -0500, Pete Harlan wrote:
> On Mon, May 09, 2005 at 10:16:24PM -0400, Adam Skutt wrote:
> > Nathan Dragun wrote:
> > > While setting up PAM in conjunction with SSH I included the following
> > > line to deny access unless found in the following file:
> > >
> > >
On Mon, May 09, 2005 at 10:16:24PM -0400, Adam Skutt wrote:
> Nathan Dragun wrote:
> > While setting up PAM in conjunction with SSH I included the following
> > line to deny access unless found in the following file:
> >
> > authrequiredpam_listfile.so sense=allow onerr=fail item=user
Nathan Dragun wrote:
> While setting up PAM in conjunction with SSH I included the following
> line to deny access unless found in the following file:
>
> authrequiredpam_listfile.so sense=allow onerr=fail item=user
> file=/etc/sshloginusers
>
> Which works, sort of.
Don't use it. ss
This one time, at band camp, Nathan Dragun said:
> While setting up PAM in conjunction with SSH I included the following
> line to deny access unless found in the following file:
>
> authrequiredpam_listfile.so sense=allow onerr=fail item=user
> file=/etc/sshloginusers
>
> Which wor
11 matches
Mail list logo