diff --git a/roles/native-sshd/files/sshd_config b/roles/native-sshd/files/sshd_config
index da997c36..c5057301 100644
--- a/roles/native-sshd/files/sshd_config
+++ b/roles/native-sshd/files/sshd_config
@@ -80,7 +80,7 @@ ChallengeResponseAuthentication no
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
-UsePAM no
+UsePAM yes
 
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
diff --git a/roles/native-sshd/readme.md b/roles/native-sshd/readme.md
index d3599430..07e391bb 100644
--- a/roles/native-sshd/readme.md
+++ b/roles/native-sshd/readme.md
@@ -1,4 +1,8 @@
 # role native-sshd
+## dependencies
 This role depends on that a well configured user administrator exist.
 For this reason this role depends on the role native-user-administrator.
 A wrong configuration of this role can lead to an lockout of the system which just will be reversal via chroot.  
+
+## PAM
+- https://www.google.com/search?client=firefox-b-d&q=sshd+why+to+deactivate+pam