Hi there, Two things. First, to fix your problem. If you send me the following files, I will take a look at them and provide you with any information you may need to fix them: /etc/pam.d/sshd /etc/ssh/sshd_config And just to be safe, send me this one as well: /etc/pam.d/login Now, to answer your questions about pam. No, pam has nothing to do with kerberos, accept that pam modules could use it I guess if you had the right one. Pam stands for plugable authentication modules, and it is supposed to provide a uniform way for programs to authenticate users. Programs that are written to support pam can easily authenticate users according to pam's configuration, and the programs need not have any knolege of how the authentication takes place. In some cases, programs that do their own authentication can have their authentication decisions ignored because of pam. This depends on how the program is written. For example, if sshd were configured to check with pam for authentication, whether or not the permitrootlogin setting were honored would depend on when and how sshd checked it. If pam allowed the authentication, and sshd just accepted that without any further checks, then the permitrootlogin setting would make no difference. The good news is that if this is the case, pam does have a module that allows authentication to be automatically denied if the user requesting authentication is root. Ok, I hope that cleared things up a little. I just finished doing some reading up on pam, so if anyone has any questions, I can probably answer them. <grin> -- Joseph C. Lininger jbahm at pcdesk.net Note, the following is used for automated processing. Please lieve in tact if quoting me in a reply. Verification: 5eab38a77ac40416e075be8f50607ff7 On Mon, 16 Aug 2004, Sina Bahram wrote: > Wait now...isn't pam a Kerberoes thing? > > I'm not sure about that at all, just I thought it was. > > I wil however, RTFM, and also RTFG for google *smile* > > But honest, I read all the documentation for this disabling root thing, and > everyone says go do what I did....but I shall look at the pam.d sshd file, > thank you > > Take care, > Sina > > No trees were destroyed in sending this message; however, a large number of > electrons were terribly inconvenienced. > -----Original Message----- > From: speakup-bounces at braille.uwo.ca [mailto:speakup-bounces at braille.uwo.ca] > On Behalf Of Joseph C. Lininger > Sent: Monday, August 16, 2004 7:27 PM > To: Speakup is a screen review system for Linux. > Subject: Re: Disabling root login on ssh? > > First, you must restart the sshd process for that to take effect. If that > doesn't work, then your problem probably has to do with pam. Look in your > /etc/pam.d directory, in the file called sshd. > -- > Joseph C. Lininger > jbahm at pcdesk.net > Note, the following is used for automated processing. Please lieve intact if > quoting me in a reply. > Verification: 5eab38a77ac40416e075be8f50607ff7 > ----- Original Message ----- > From: "Sina Bahram" <sbahram at nc.rr.com> > To: "'Speakup is a screen review system for Linux.'" > <speakup at braille.uwo.ca> > Sent: Monday, August 16, 2004 10:55 AM > Subject: Disabling root login on ssh? > > >> Hi guys, >> >> For some reason I can't get this to work, I uncommented the line in my >> /etc/ssh/sshd_config file that reads PermitRootLogin yes and changed it to >> no; however, it still allows me to login as root. >> >> What can I do to disable root login via ssh? >> >> Take care, >> Sina >> >> >> _______________________________________________ >> Speakup mailing list >> Speakup at braille.uwo.ca >> http://speech.braille.uwo.ca/mailman/listinfo/speakup >> > > > _______________________________________________ > Speakup mailing list > Speakup at braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup > > > > _______________________________________________ > Speakup mailing list > Speakup at braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup >
