From 686fc2c4eebbfbb08f9cbd051807d2ecd68cc8fd Mon Sep 17 00:00:00 2001 From: Eric Cook Date: Sat, 14 Jan 2017 18:38:37 -0500 Subject: [PATCH] do not set UsePAM on OpenBSD Upstream opensshd does not support PAM --- openssh/files/sshd_config | 2 ++ 1 file changed, 2 insertions(+) diff --git a/openssh/files/sshd_config b/openssh/files/sshd_config index 9e14601..bcd8ad4 100644 --- a/openssh/files/sshd_config +++ b/openssh/files/sshd_config @@ -134,6 +134,7 @@ {{ option_default_uncommented('Subsystem', 'sftp /usr/lib/openssh/sftp-server') }} +{% if not salt['grains.get']('os') == 'OpenBSD' -%} # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and @@ -144,6 +145,7 @@ # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. {{ option_default_uncommented('UsePAM', 'yes') }} +{%- endif %} # DNS resolve and map remote IP addresses {{ option('UseDNS', 'yes') }}