| blob | 1e810426674d09ec3d62df477d5f39a5ee656f95 |
1 #
2 # To comply to the Solaris PAM policy, the UsePAM option is changed to be
3 # always on and not configurable on Solaris. This is for Solaris only, so we
4 # will not contribute the changes to the upstream community.
5 #
7 --- hpn-ssh-hpn-18.4.2/servconf.c.orig
8 +++ hpn-ssh-hpn-18.4.2/servconf.c
9 @@ -284,7 +284,12 @@
11 /* Portable-specific options */
12 if (options->use_pam == -1)
13 +#ifdef SET_USE_PAM
14 + /* use_pam should be always set to 1 on Solaris */
15 + options->use_pam = 1;
16 +#else
17 options->use_pam = 0;
18 +#endif
20 /* Standard Options */
21 if (options->num_host_key_files == 0) {
22 @@ -1389,8 +1394,17 @@
23 switch (opcode) {
24 /* Portable-specific options */
25 case sUsePAM:
26 +#ifdef SET_USE_PAM
27 + /* UsePAM is always on and not configurable on Solaris */
28 + logit("%s line %d: ignoring UsePAM option value."
29 + " This option is always on.", filename, linenum);
30 + while (arg)
31 + arg = strdelim(&str);
32 + break;
33 +#else
34 intptr = &options->use_pam;
35 goto parse_flag;
36 +#endif
38 /* Standard Options */
39 case sBadOption:
40 --- hpn-ssh-hpn-18.4.2/sshd_config.orig
41 +++ hpn-ssh-hpn-18.4.2/sshd_config
42 @@ -70,17 +70,6 @@
43 #GSSAPIAuthentication no
44 #GSSAPICleanupCredentials yes
46 -# Set this to 'yes' to enable PAM authentication, account processing,
47 -# and session processing. If this is enabled, PAM authentication will
48 -# be allowed through the KbdInteractiveAuthentication and
49 -# PasswordAuthentication. Depending on your PAM configuration,
50 -# PAM authentication via KbdInteractiveAuthentication may bypass
51 -# the setting of "PermitRootLogin prohibit-password".
52 -# If you just want the PAM account and session checks to run without
53 -# PAM authentication, then enable this but set PasswordAuthentication
54 -# and KbdInteractiveAuthentication to 'no'.
55 -#UsePAM no
56 -
57 #AllowAgentForwarding yes
58 #AllowTcpForwarding yes
59 #GatewayPorts no