Enable PAM Authentication

Use this group policy to enable PAM authentication, account processing, and session processing. When you enable this policy, PAM authentication is implemented through the ChallengeResponseAuthentication mechanism.

Depending on your PAM configuration, enabling this policy may bypass the sshd settings of PasswordAuthentication, PermitEmptyPasswords, and PermitRootLogin without-password.

If you just want the PAM account and session checks to run without PAM authentication, then enable this policy but disable the ChallengeResponseAuthentication mechanism in sshd.

Be certain that you are using a version of OpenSSH that supports PAM authentication. Otherwise, setting this policy will render the OpenSSH server unable to start.

This group policy modifies the UsePAM setting in the /etc/centrifydc/ssh/sshd_config file.