Hello,
As seen in previous thread, it is recommended to have UsePAM set to yes
in sshd configuration. This is the default value in the config file
provided by the openssh-server package. However, it seems the
"authentication" part of the installer or drakauth sets UsePAM to no
when local authentication is selected :
http://svnweb.mageia.org/soft/drakx/trunk/perl-install/authentication.pm?revision=3714&view=markup#l328
So most people will have UsePAM set to no.
I propose that the installer stop changing the UsePAM option, with
the following patch.
What do you think ?
Index: perl-install/authentication.pm
===================================================================
--- perl-install/authentication.pm (revision 4522)
+++ perl-install/authentication.pm (working copy)
@@ -325,7 +325,6 @@
my $pam_modules = $kind2pam_kind{$kind} or log::l("kind2pam_kind
does not know $kind");
$pam_modules ||= [];
- sshd_config_UsePAM(@$pam_modules > 0);
set_pam_authentication($pam_modules, $authentication->{ccreds});
my $nsswitch = $kind2nsswitch{$kind} or log::l("kind2nsswitch does
not know $kind");
@@ -781,18 +780,6 @@
}
-sub sshd_config_UsePAM {
- my ($UsePAM) = @_;
- my $sshd = "$::prefix/etc/ssh/sshd_config";
- -e $sshd or return;
-
- my $val = "UsePAM " . bool2yesno($UsePAM);
- substInFile {
- $val = '' if s/^#?UsePAM.*/$val/;
- $_ .= "$val\n" if eof && $val;
- } $sshd;
-}
-
sub query_srv_names {
my ($domain) = @_;
