jonathancammack / rpms / openssh

Forked from rpms/openssh 8 months ago
Clone

Blame SOURCES/openssh-7.8p1-UsePAM-warning.patch

9070b3
diff -up openssh-8.6p1/sshd.c.log-usepam-no openssh-8.6p1/sshd.c
9070b3
--- openssh-8.6p1/sshd.c.log-usepam-no	2021-04-19 14:00:45.099735129 +0200
9070b3
+++ openssh-8.6p1/sshd.c	2021-04-19 14:03:21.140920974 +0200
9070b3
@@ -1749,6 +1749,10 @@ main(int ac, char **av)
9070b3
 	parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
9070b3
 	    cfg, &includes, NULL);
9070b3
 
07d1ba
+	/* 'UsePAM no' is not supported in RHEL */
9070b3
+	if (! options.use_pam)
07d1ba
+		logit("WARNING: 'UsePAM no' is not supported in RHEL and may cause several problems.");
9070b3
+
9070b3
 #ifdef WITH_OPENSSL
9070b3
 	if (options.moduli_file != NULL)
9070b3
 		dh_set_moduli_file(options.moduli_file);
9070b3
diff -up openssh-8.6p1/sshd_config.log-usepam-no openssh-8.6p1/sshd_config
9070b3
--- openssh-8.6p1/sshd_config.log-usepam-no	2021-04-19 14:00:45.098735121 +0200
9070b3
+++ openssh-8.6p1/sshd_config	2021-04-19 14:00:45.099735129 +0200
9070b3
@@ -87,6 +87,8 @@ AuthorizedKeysFile	.ssh/authorized_keys
9070b3
 # If you just want the PAM account and session checks to run without
9070b3
 # PAM authentication, then enable this but set PasswordAuthentication
9070b3
 # and KbdInteractiveAuthentication to 'no'.
07d1ba
+# WARNING: 'UsePAM no' is not supported in RHEL and may cause several
9070b3
+# problems.
9070b3
 #UsePAM no
9070b3
 
9070b3
 #AllowAgentForwarding yes