From c905a284c15d9ca0f7e21e042d63bfc667ab5ed6 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 6 Dec 2011 17:31:11 +0100
Subject: [PATCH] warn about unsupported option UsePAM=no (#757545)

---
 openssh-5.8p2-log-usepam-no.patch | 28 ++++++++++++++++++++++++++++
 openssh.spec                      |  3 +++
 2 files changed, 31 insertions(+)
 create mode 100644 openssh-5.8p2-log-usepam-no.patch

diff --git a/openssh-5.8p2-log-usepam-no.patch b/openssh-5.8p2-log-usepam-no.patch
new file mode 100644
index 0000000..614d2cd
--- /dev/null
+++ b/openssh-5.8p2-log-usepam-no.patch
@@ -0,0 +1,28 @@
+diff --git a/sshd.c b/sshd.c
+index 8dcfdf2..95b63ad 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -1592,6 +1592,10 @@ main(int ac, char **av)
+ 	parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
+ 	    &cfg, NULL, NULL, NULL);
+ 
++	/* 'UsePAM no' is not supported in Fedora */
++	if (! options.use_pam)
++		logit("WARNING: 'UsePAM no' is not supported in Fedora and may cause several problems.");
++
+ 	seed_rng();
+ 
+ 	/* Fill in default values for those options not explicitly set. */
+diff --git a/sshd_config b/sshd_config
+index 8c16754..9f28b04 100644
+--- a/sshd_config
++++ b/sshd_config
+@@ -92,6 +92,8 @@ GSSAPICleanupCredentials yes
+ # If you just want the PAM account and session checks to run without
+ # PAM authentication, then enable this but set PasswordAuthentication
+ # and ChallengeResponseAuthentication to 'no'.
++# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
++# problems.
+ #UsePAM no
+ UsePAM yes
+ 
diff --git a/openssh.spec b/openssh.spec
index f92b2b8..4faa071 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -198,6 +198,8 @@ Patch67: openssh-5.8p2-unconfined.patch
 Patch69: openssh-5.8p2-askpass-ld.patch
 #https://bugzilla.redhat.com/show_bug.cgi?id=739989
 Patch70: openssh-5.8p2-copy-id-restorecon.patch
+# warn users for unsupported UsePAM=no
+Patch71: openssh-5.8p2-log-usepam-no.patch
 #---
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1604
 # sctp
@@ -437,6 +439,7 @@ popd
 %patch67 -p1 -b .unconfined
 %patch69 -p1 -b .askpass-ld
 %patch70 -p1 -b .restorecon
+%patch71 -p1 -b .log-usepam-no
 
 autoreconf
 pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}