From 0e1f6dbf280a2f5cb283f21cf82211497e963939 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach <kevin@veen.world>
Date: Fri, 1 Jan 2021 23:25:56 +0100
Subject: [PATCH] activated pam

---
 roles/native-sshd/files/sshd_config | 2 +-
 roles/native-sshd/readme.md         | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/roles/native-sshd/files/sshd_config b/roles/native-sshd/files/sshd_config
index da997c36..c5057301 100644
--- a/roles/native-sshd/files/sshd_config
+++ b/roles/native-sshd/files/sshd_config
@@ -80,7 +80,7 @@ ChallengeResponseAuthentication no
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
-UsePAM no
+UsePAM yes
 
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
diff --git a/roles/native-sshd/readme.md b/roles/native-sshd/readme.md
index d3599430..07e391bb 100644
--- a/roles/native-sshd/readme.md
+++ b/roles/native-sshd/readme.md
@@ -1,4 +1,8 @@
 # role native-sshd
+## dependencies
 This role depends on that a well configured user administrator exist.
 For this reason this role depends on the role native-user-administrator.
 A wrong configuration of this role can lead to an lockout of the system which just will be reversal via chroot.  
+
+## PAM
+- https://www.google.com/search?client=firefox-b-d&q=sshd+why+to+deactivate+pam