On 24/09/2004 Christian Guggenberger wrote: > well, you can enable PAM, but you then need to disable ChallengeResponse > Authentifiaction (enabled by default). > This will prevent root logins with password when 'without-password' is set. > Keep in mind that in this case passwords will go encrypted over the net.
well, i forgot ... you _always_ have to turn on PasswordAuthentication, to still allow normal users logins, that's the relevant point. the setting of ChallengeResponseAuthentification doesn't matter for that issue. it matters only for the issue whether root still is able to login with his plain password. and that's the confusing part, when i set UsePAM to yes, ChallengeResponseAuthentification to no, and PermitRootLogin to without-password, i expect root password login to be denied, but not normal user password logins. anyway, to make it work, you have to set PasswordAuthentication. bye jonas
