[Momonga-devel.ja:02097] Re: openssh vulnerability

From: Kazuhiko <kazuhiko@xxxxxxxxxx>
Date: Wed, 24 Sep 2003 15:28:11 +0900

かずひこです。

At Wed, 24 Sep 2003 09:31:24 +0900,
Kazuhiko wrote:

> さらに脆弱性がみつかって 3.7.1p2 がリリースされましたので、そのついでに
> sshd_config のデフォルトを変更しました。
(snip)
>  #UsePAM yes
> +UsePAM no

http://www.st.ryukoku.ac.jp/~kjm/security/ml-archive/bugtraq/2003.09/msg00353.html
によると、

Changes since OpenSSH 3.7.1p1:
==============================

* This release disables PAM by default. To enable it, set "UsePAM yes" in
  sshd_config. Due to complexity, inconsistencies in the specification and
  differences between vendors' PAM implementations we recommend that PAM
  be left disabled in sshd_config unless there is a need for its use.
  Sites using only public key or simple password authentication usually
  have little need to enable PAM support.

とのことで、3.7.1p2 ではデフォルトで PAM は no になったそうです。

# これまで sshd_config のコメントの内容がデフォルトだと思っていたけど、
# そうじゃないこともあるわけ？？
-- 
かずひこ <http://wiki.fdiary.net/kazuhiko/>
  ★シャア「名字が付いてない」
  ☆一兵卒「あんなの飾りです。偉い人にはそれが分からんのです」

References:
- [Momonga-devel.ja:02075] openssh vulnerability
  - From: Kazuhiko
- [Momonga-devel.ja:02076] Re: openssh vulnerability
  - From: Kazuhiko
- [Momonga-devel.ja:02077] Re: openssh vulnerability
  - From: ToshiOkada
- [Momonga-devel.ja:02081] Re: openssh vulnerability
  - From: Kazuhiko
- [Momonga-devel.ja:02096] Re: openssh vulnerability
  - From: Kazuhiko

Prev by Date: [Momonga-devel.ja:02096] Re: openssh vulnerability
Next by Date: [Momonga-devel.ja:02098] Re: %files of kdenetwork-3.1.3-1m
Previous by thread: [Momonga-devel.ja:02096] Re: openssh vulnerability
Next by thread: [Momonga-devel.ja:02078] cyrus-imapd のエラー
Index(es):
- Date
- Thread