Package: ssh-krb5 Version: 3.8.1p1-7 Severity: normal README.Debian still states "Unfortunately, privilege separation interacts badly with PAM. [...] and PAM keyboard-interactive authentication won't work."
but that doesn't seem to be true at all. keyboard-interactive authentication _is_ enabled, and does work with privsep. Moreover, if an ssh client that does not perform keyboard-interactive authentication connects to the server, pam is not used for password validation. Even if this is considered appropriate behavior, I would think that it would merit a mention in NEWS. I will even suggest that not supporting PasswordAuthentication at all would be better than the current behavior. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: sparc (sparc64) Kernel: Linux 2.4.27-2-sparc64 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages ssh-krb5 depends on: ii adduser 3.63 Add and remove users and groups ii debconf 1.4.30.13 Debian configuration management sy ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libcomerr2 1.35-6 The Common Error Description libra ii libkrb53 1.3.6-2 MIT Kerberos runtime libraries ii libpam-runtime 0.76-22 Runtime support for the PAM librar ii libpam0g 0.76-22 Pluggable Authentication Modules l ii libssl0.9.7 0.9.7e-3 SSL shared libraries ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra ii zlib1g 1:1.2.2-3 compression library - runtime -- debconf information: * ssh/privsep_tell: ssh/insecure_rshd: ssh/privsep_ask: true ssh/ssh2_keys_merged: * ssh/user_environment_tell: * ssh/forward_warning: ssh/insecure_telnetd: ssh/new_config: true * ssh/use_old_init_script: true * ssh/protocol2_only: false ssh/encrypted_host_key_but_no_keygen: * ssh/run_sshd: true * ssh/SUID_client: false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]