| author | Vladimir Marek <Vladimir.Marek@oracle.com> |
| Mon, 25 Jul 2016 13:45:37 +0200 | |
| changeset 6475 | abfc9174d2f0 |
| parent 6086 | 7c225e52772b |
| permissions | -rw-r--r-- |
|
6086
7c225e52772b
15366793 sshd calls pam_authenticate() for none method if PermitEmptyPasswords=yes
Brent Paulson <Brent.Paulson@Oracle.COM>
parents:
diff
changeset
|
1 |
# |
|
7c225e52772b
15366793 sshd calls pam_authenticate() for none method if PermitEmptyPasswords=yes
Brent Paulson <Brent.Paulson@Oracle.COM>
parents:
diff
changeset
|
2 |
# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. |
|
7c225e52772b
15366793 sshd calls pam_authenticate() for none method if PermitEmptyPasswords=yes
Brent Paulson <Brent.Paulson@Oracle.COM>
parents:
diff
changeset
|
3 |
# |
|
7c225e52772b
15366793 sshd calls pam_authenticate() for none method if PermitEmptyPasswords=yes
Brent Paulson <Brent.Paulson@Oracle.COM>
parents:
diff
changeset
|
4 |
# PAM configuration for the SSH user authentication type of 'none' which is |
|
7c225e52772b
15366793 sshd calls pam_authenticate() for none method if PermitEmptyPasswords=yes
Brent Paulson <Brent.Paulson@Oracle.COM>
parents:
diff
changeset
|
5 |
# used when no authentication is required at all. This PAM fragment prevents |
|
7c225e52772b
15366793 sshd calls pam_authenticate() for none method if PermitEmptyPasswords=yes
Brent Paulson <Brent.Paulson@Oracle.COM>
parents:
diff
changeset
|
6 |
# authentication using sshd-none to avoid unnecessary interaction with |
|
7c225e52772b
15366793 sshd calls pam_authenticate() for none method if PermitEmptyPasswords=yes
Brent Paulson <Brent.Paulson@Oracle.COM>
parents:
diff
changeset
|
7 |
# failed logins tracking in certain SSH and PAM configurations. If SSH |
|
7c225e52772b
15366793 sshd calls pam_authenticate() for none method if PermitEmptyPasswords=yes
Brent Paulson <Brent.Paulson@Oracle.COM>
parents:
diff
changeset
|
8 |
# logins are desired without any authentication then this is possible by |
|
7c225e52772b
15366793 sshd calls pam_authenticate() for none method if PermitEmptyPasswords=yes
Brent Paulson <Brent.Paulson@Oracle.COM>
parents:
diff
changeset
|
9 |
# configuring both the sshd_config(5) options 'PasswordAuthentication' and |
|
7c225e52772b
15366793 sshd calls pam_authenticate() for none method if PermitEmptyPasswords=yes
Brent Paulson <Brent.Paulson@Oracle.COM>
parents:
diff
changeset
|
10 |
# 'PermitEmptyPasswords' to be 'yes' and using either the 'password' or |
|
7c225e52772b
15366793 sshd calls pam_authenticate() for none method if PermitEmptyPasswords=yes
Brent Paulson <Brent.Paulson@Oracle.COM>
parents:
diff
changeset
|
11 |
# 'keyboard-interactive' user authentication methods. |
|
7c225e52772b
15366793 sshd calls pam_authenticate() for none method if PermitEmptyPasswords=yes
Brent Paulson <Brent.Paulson@Oracle.COM>
parents:
diff
changeset
|
12 |
# |
|
7c225e52772b
15366793 sshd calls pam_authenticate() for none method if PermitEmptyPasswords=yes
Brent Paulson <Brent.Paulson@Oracle.COM>
parents:
diff
changeset
|
13 |
auth definitive pam_deny.so.1 |
|
7c225e52772b
15366793 sshd calls pam_authenticate() for none method if PermitEmptyPasswords=yes
Brent Paulson <Brent.Paulson@Oracle.COM>
parents:
diff
changeset
|
14 |
account definitive pam_deny.so.1 |
|
7c225e52772b
15366793 sshd calls pam_authenticate() for none method if PermitEmptyPasswords=yes
Brent Paulson <Brent.Paulson@Oracle.COM>
parents:
diff
changeset
|
15 |
session definitive pam_deny.so.1 |
|
7c225e52772b
15366793 sshd calls pam_authenticate() for none method if PermitEmptyPasswords=yes
Brent Paulson <Brent.Paulson@Oracle.COM>
parents:
diff
changeset
|
16 |
password definitive pam_deny.so.1 |