diff options
| author | Micah Anderson <micah@riseup.net> | 2008-09-26 16:59:55 -0400 |
|---|---|---|
| committer | Micah Anderson <micah@riseup.net> | 2008-09-26 16:59:55 -0400 |
| commit | d6f9d64d9b0d8befcf7437b2fe69b6e378971794 (patch) | |
| tree | d101cc92c2e2dde564188c992ff3884276153d35 /templates/sshd_config/Debian_normal.erb | |
| parent | 3bd90d741c35ae242befd955566e3f28cf76b81b (diff) | |
| download | puppet-sshd-d6f9d64d9b0d8befcf7437b2fe69b6e378971794.tar.gz puppet-sshd-d6f9d64d9b0d8befcf7437b2fe69b6e378971794.tar.bz2 | |
add comment about PAM auth to the Debian template (copied from the Gentoo one), as its useful info to
have available, due to the complexity of the option
Diffstat (limited to 'templates/sshd_config/Debian_normal.erb')
| -rw-r--r-- | templates/sshd_config/Debian_normal.erb | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/templates/sshd_config/Debian_normal.erb b/templates/sshd_config/Debian_normal.erb index 989fa62..d9237c6 100644 --- a/templates/sshd_config/Debian_normal.erb +++ b/templates/sshd_config/Debian_normal.erb @@ -86,6 +86,15 @@ KeepAlive yes #Subsystem sftp /usr/lib/sftp-server +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. <%- if real_sshd_use_pam.to_s == 'yes' then %> UsePAM yes <%- else %> |