From: Micah Anderson Date: Fri, 26 Sep 2008 20:59:55 +0000 (-0400) Subject: add comment about PAM auth to the Debian template (copied from the Gentoo one), as... X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=d6f9d64d9b0d8befcf7437b2fe69b6e378971794;p=puppet-sshd.git add comment about PAM auth to the Debian template (copied from the Gentoo one), as its useful info to have available, due to the complexity of the option --- diff --git a/templates/sshd_config/Debian_normal.erb b/templates/sshd_config/Debian_normal.erb index 989fa62..d9237c6 100644 --- a/templates/sshd_config/Debian_normal.erb +++ b/templates/sshd_config/Debian_normal.erb @@ -86,6 +86,15 @@ KeepAlive yes #Subsystem sftp /usr/lib/sftp-server +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. <%- if real_sshd_use_pam.to_s == 'yes' then %> UsePAM yes <%- else %>
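Review bot: The new comment block above the `real_sshd_use_pam` conditional describes a risky combination (UsePAM yes with ChallengeResponseAuthentication enabled can bypass "PermitRootLogin without-password"), but it reads as advice for someone hand-editing sshd_config, and this file is rendered by Puppet. Consider adding one line saying that UsePAM here is driven by `real_sshd_use_pam`, and that PasswordAuthentication and ChallengeResponseAuthentication should be set to 'no' through the module's own settings, not in the rendered file, where the next run would overwrite the change. The comment sits outside the `<%- if ... %>` branch, so it is emitted whether UsePAM is rendered as yes or no. That is fine for documentation, but it means the warning appears even when PAM is disabled; a short "(currently managed by Puppet)" qualifier would avoid confusion. Since the commit message says the text was copied from the Gentoo template, any later correction to the wording has to be made in both templates. A shared partial would keep them from drifting.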