Nico, I require pubkey auth on *all* my ssh sessions, thus achieving two-factor auth with minimal overheads. I'd thought this was widely implemented.
PAMAuthenticationViaKBDInt actually works in practice for me, disallowing kyb interactive for all accounts. I've no clue how and why it worked, but I did that based on a Q&A I googled to. Will be switching to KbdInteractiveAuthentication as per your recommendation, since that seems to be the correct method. justin
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss