On Tue, May 10, 2005 at 10:09:59AM -0500, Pete Harlan wrote: > On Mon, May 09, 2005 at 10:16:24PM -0400, Adam Skutt wrote: > > Nathan Dragun wrote: > > > While setting up PAM in conjunction with SSH I included the following > > > line to deny access unless found in the following file: > > > > > > auth required pam_listfile.so sense=allow onerr=fail item=user > > > file=/etc/sshloginusers > > > > > > Which works, sort of. > > Don't use it. sshd(8) lets you deny and allow users via > > /etc/ssh/sshd_config. > > > > Reading the daemon documentation before doing something like this is > > always good idea. > > He didn't say there wasn't another way to do it, he said there was a > security hole.
I believe SSH supports multiple types of authentication. If pam fails, it will use the next configured one. It's a feature of ssh. It isn't as if pam can disable ssh key logins either. Is that a security hole? Misconfiguring sshd doesn't mean it is insecure. It still requires a valid account and password to login. Len Sorensen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
