Subject: PAM vulnerability in portable OpenSSH
To: None <current-users@netbsd.org>
From: Dan Melomedman <dan@devonit.com>
List: current-users
Date: 09/23/2003 16:59:36
Interesting quote:

"Due to complexity, inconsistencies in the specification and differences
between vendors' PAM implementations we recommend that PAM be left disabled
in sshd_config unless there is a need for its use. Sites only using public
key or simple password authentication usually have little need to enable PAM
support."

Slander? Don't think so.