On Tuesday 20 April 2004 14.24, Giacomo Mulas wrote: > > First, it seems to always enable PasswordAuthentication. All my > > systems have 'PasswordAuthentication no' and 'PubkeyAuthentication > > yes', so I was very surprised when I was prompted for a password > > trying to login to one of the systems, to an account with an > > outdated authorized_keys file. Investigation showed that 'UsePam > > yes' is causing this behaviour (i.e. 'UsePam no' turns off > > PasswordAuthentication). > > you are not seeing PasswordAuthentication, you are seeing > keyboard-interactive authentication. They are two distinct things and > get enabled/disabled separately.
Either way, it allows people to authenticate with their account password
instead of an ssh key. Is this distinction documented somewhere? I
guess the sshd_config(5) section about UsePAM counts for documentation,
but does not help me with my problem. So, to rephrase the question, is
there a way to have PAM set up my session (specifically, pam_env)
without allowing users to log in with their password?
I think it's just annoying to have the session setup twice, once in pam
and once in <wherever>, and have my ssh sessions look different from my
local login sessions. The two sets of configuration will certainly
diverge over time...
cheers
-- vbi
--
Wir müssen heute nach den Wahrheiten leben, die uns zur Verfügung
stehen, dabei aber immer bereit sein, sie morgen Irrtümer zu nennen.
-- William James
pgppiaJUtpwqv.pgp
Description: signature
