Fwd: [Techtalk] Re: SSH authentication via PAM-MySQL

Aneesha Govil popcorn09 at gmail.com
Wed Apr 4 18:55:38 UTC 2007

Oops meant to send to the list

---------- Forwarded message ----------
From: Aneesha Govil <popcorn09 at gmail.com>
Date: Apr 5, 2007 12:25 AM
Subject: Re: [Techtalk] Re: SSH authentication via PAM-MySQL
To: Wim De Smet <kromagg at gmail.com>

On 4/4/07, Wim De Smet <kromagg at gmail.com> wrote:
> In that case I think the most likely culprit is sshd not using PAM.
> There should be a line in the sshd_config (/etc/ssh/sshd_config on
> debian) that says:
> UsePAM yes

This is enabled.

My sshd_config also has the following slightly confusing section:
> #Privilege Separation is turned on for security
> UsePrivilegeSeparation yes
> # ...but breaks Pam auth via kbdint, so we have to turn it off
> # Use PAM authentication via keyboard-interactive so PAM modules can
> # properly interface with the user (off due to PrivSep)
> #PAMAuthenticationViaKbdInt no
> If your config has the same settings, probably best to disable
> privilege separation and set PAMAuthenticationViaKbdInt to yes. This
> might have some security implications I'm not sure.

I'll try these. Thanks!


More information about the Techtalk mailing list