- (djm) Add new UsePAM configuration directive to allow runtime control
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
diff --git a/auth-pam.c b/auth-pam.c
index f471803..234e8f4 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -49,6 +49,8 @@
#include "ssh2.h"
#include "xmalloc.h"
+extern ServerOptions options;
+
#define __unused
#ifdef USE_POSIX_THREADS
@@ -276,7 +278,6 @@
static int
sshpam_init(const char *user)
{
- extern ServerOptions options;
extern u_int utmp_len;
const char *pam_rhost, *pam_user;
@@ -313,6 +314,10 @@
struct pam_ctxt *ctxt;
int socks[2];
+ /* Refuse to start if we don't have PAM enabled */
+ if (!options.use_pam)
+ return NULL;
+
/* Initialize PAM */
if (sshpam_init(authctxt->user) == -1) {
error("PAM: initialization failed");