Fwd: [Techtalk] Re: SSH authentication via PAM-MySQL
Aneesha Govil
popcorn09 at gmail.com
Wed Apr 4 18:55:38 UTC 2007
Oops meant to send to the list
---------- Forwarded message ----------
From: Aneesha Govil <popcorn09 at gmail.com>
Date: Apr 5, 2007 12:25 AM
Subject: Re: [Techtalk] Re: SSH authentication via PAM-MySQL
To: Wim De Smet <kromagg at gmail.com>
On 4/4/07, Wim De Smet <kromagg at gmail.com> wrote:
>
> In that case I think the most likely culprit is sshd not using PAM.
> There should be a line in the sshd_config (/etc/ssh/sshd_config on
> debian) that says:
> UsePAM yes
This is enabled.
My sshd_config also has the following slightly confusing section:
> #Privilege Separation is turned on for security
> UsePrivilegeSeparation yes
>
> # ...but breaks Pam auth via kbdint, so we have to turn it off
> # Use PAM authentication via keyboard-interactive so PAM modules can
> # properly interface with the user (off due to PrivSep)
> #PAMAuthenticationViaKbdInt no
>
> If your config has the same settings, probably best to disable
> privilege separation and set PAMAuthenticationViaKbdInt to yes. This
> might have some security implications I'm not sure.
I'll try these. Thanks!
Aneesha
More information about the Techtalk
mailing list