openssh/openssh-7.7p1-enable_PAM_by_default.patch

# HG changeset patch
# Parent  5c1e122e31b601de64d81085294216af33f31aed
# force PAM in defaullt install (this was removed from upstream in 3.8p1)
# bnc#46749
# --used to be called '-pam-fix2'

diff --git a/openssh-7.7p1/sshd_config b/openssh-7.7p1/sshd_config
--- openssh-7.7p1/sshd_config
+++ openssh-7.7p1/sshd_config
@@ -74,17 +74,17 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # and session processing. If this is enabled, PAM authentication will
 # be allowed through the ChallengeResponseAuthentication and
 # PasswordAuthentication.  Depending on your PAM configuration,
 # PAM authentication via ChallengeResponseAuthentication may bypass
 # the setting of "PermitRootLogin without-password".
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
-#UsePAM no
+UsePAM yes
 
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
 #GatewayPorts no
 X11Forwarding yes
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PermitTTY yes
Accepting request 642573 from home:scarabeus_iv:branches:network - Update to 7.8p1: * no actual changes for the askpass - Format with spec-cleaner - Respect cflags - Use gtk3 rather than gtk2 which is being phased out - Remove the mention of the SLE12 in the README.SUSE - Install firewall rules only when really needed (<SLE15) - Version update to 7.8p1: * For most details see release notes file * ssh-keygen(1): write OpenSSH format private keys by default instead of using OpenSSL's PEM format - Rebase patches to apply on 7.8p1 release: * openssh-7.7p1-fips.patch * openssh-7.7p1-cavstest-kdf.patch * openssh-7.7p1-fips_checks.patch * openssh-7.7p1-gssapi_key_exchange.patch * openssh-7.7p1-audit.patch * openssh-7.7p1-openssl_1.1.0.patch * openssh-7.7p1-ldap.patch * openssh-7.7p1-IPv6_X_forwarding.patch * openssh-7.7p1-sftp_print_diagnostic_messages.patch * openssh-7.7p1-disable_short_DH_parameters.patch * openssh-7.7p1-hostname_changes_when_forwarding_X.patch * openssh-7.7p1-pam_check_locks.patch * openssh-7.7p1-seed-prng.patch * openssh-7.7p1-systemd-notify.patch * openssh-7.7p1-X11_trusted_forwarding.patch - Dropped patches: OBS-URL: https://build.opensuse.org/request/show/642573 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=153 2018-10-17 10:57:56 +02:00			`# HG changeset patch`
			`# Parent 5c1e122e31b601de64d81085294216af33f31aed`
			`# force PAM in defaullt install (this was removed from upstream in 3.8p1)`
			`# bnc#46749`
			`# --used to be called '-pam-fix2'`

			`diff --git a/openssh-7.7p1/sshd_config b/openssh-7.7p1/sshd_config`
			`--- openssh-7.7p1/sshd_config`
			`+++ openssh-7.7p1/sshd_config`
			`@@ -74,17 +74,17 @@ AuthorizedKeysFile .ssh/authorized_keys`
			`# and session processing. If this is enabled, PAM authentication will`
			`# be allowed through the ChallengeResponseAuthentication and`
			`# PasswordAuthentication. Depending on your PAM configuration,`
			`# PAM authentication via ChallengeResponseAuthentication may bypass`
			`# the setting of "PermitRootLogin without-password".`
			`# If you just want the PAM account and session checks to run without`
			`# PAM authentication, then enable this but set PasswordAuthentication`
			`# and ChallengeResponseAuthentication to 'no'.`
			`-#UsePAM no`
			`+UsePAM yes`

			`#AllowAgentForwarding yes`
			`#AllowTcpForwarding yes`
			`#GatewayPorts no`
			`X11Forwarding yes`
			`#X11DisplayOffset 10`
			`#X11UseLocalhost yes`
			`#PermitTTY yes`