Two FreeBSD-specific nits in comments:

- ChallengeResponseAuthentication controls PAM, not S/Key - We don't honor PAMAuthenticationViaKbdInt, because the code path it controls doesn't make sense for us, so don't mention it. Sponsored by: DARPA, NAI Labs
svn path=/head/; revision=99315
2002-07-03 00:08:19 +00:00 · 2002-07-03 00:08:19 +00:00 · 53282320d1 · 2020-12-20 02:59:44 +00:00
commit 53282320d1
parent 126aa65832
1 changed files with 1 additions and 5 deletions
--- a/crypto/openssh/sshd_config
+++ b/crypto/openssh/sshd_config
@ -62,7 +62,7 @@
 #PasswordAuthentication yes
 #PermitEmptyPasswords no

-# Change to no to disable s/key passwords
+# Change to no to disable PAM authentication
 #ChallengeResponseAuthentication yes

 # Kerberos options
@ -75,10 +75,6 @@
 # Kerberos TGT Passing only works with the AFS kaserver
 #KerberosTgtPassing no

-# Set this to 'yes' to enable PAM keyboard-interactive authentication 
-# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
-#PAMAuthenticationViaKbdInt yes
-
 #X11Forwarding yes
 #X11DisplayOffset 10
 #X11UseLocalhost yes