[Mageia-dev] Installer setting sshd UsePAM to no

nicolas vigier boklm at mars-attacks.org
Tue May 15 18:47:10 CEST 2012


Hello,

As seen in previous thread, it is recommended to have UsePAM set to yes
in sshd configuration. This is the default value in the config file
provided by the openssh-server package. However, it seems the
"authentication" part of the installer or drakauth sets UsePAM to no
when local authentication is selected :
http://svnweb.mageia.org/soft/drakx/trunk/perl-install/authentication.pm?revision=3714&view=markup#l328

So most people will have UsePAM set to no.

I propose that the installer stop changing the UsePAM option, with
the following patch.

What do you think ?

Index: perl-install/authentication.pm
===================================================================
--- perl-install/authentication.pm	(revision 4522)
+++ perl-install/authentication.pm	(working copy)
@@ -325,7 +325,6 @@
 
     my $pam_modules = $kind2pam_kind{$kind} or log::l("kind2pam_kind
does not know $kind");
     $pam_modules ||= [];
-    sshd_config_UsePAM(@$pam_modules > 0);
     set_pam_authentication($pam_modules, $authentication->{ccreds});
 
     my $nsswitch = $kind2nsswitch{$kind} or log::l("kind2nsswitch does
not know $kind");
@@ -781,18 +780,6 @@
 
 }
 
-sub sshd_config_UsePAM {
-    my ($UsePAM) = @_;
-    my $sshd = "$::prefix/etc/ssh/sshd_config";
-    -e $sshd or return;
-
-    my $val = "UsePAM " . bool2yesno($UsePAM);
-    substInFile {
-	$val = '' if s/^#?UsePAM.*/$val/;
-	$_ .= "$val\n" if eof && $val;
-    } $sshd;
-}
-
 sub query_srv_names {
     my ($domain) = @_;
 



More information about the Mageia-dev mailing list