.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.3 2002/06/20 23:37:12 markus Exp $
+.\" $OpenBSD: sshd_config.5,v 1.4 2002/06/22 16:45:29 stevesk Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
.It Cm KerberosAuthentication
Specifies whether Kerberos authentication is allowed.
This can be in the form of a Kerberos ticket, or if
-.It Cm PAMAuthenticationViaKbdInt
-Specifies whether PAM challenge response authentication is allowed. This
-allows the use of most PAM challenge response authentication modules, but
-it will allow password authentication regardless of whether
.Cm PasswordAuthentication
is yes, the password provided by the user will be validated through
the Kerberos KDC.
are refused if the number of unauthenticated connections reaches
.Dq full
(60).
+.It Cm PAMAuthenticationViaKbdInt
+Specifies whether PAM challenge response authentication is allowed. This
+allows the use of most PAM challenge response authentication modules, but
+it will allow password authentication regardless of whether
+.Cm PasswordAuthentication
+is enabled.
.It Cm PasswordAuthentication
Specifies whether password authentication is allowed.
The default is
.Dq no
root is not allowed to login.
.It Cm PidFile
-Specifies the file that contains the process identifier of the
+Specifies the file that contains the process ID of the
.Nm sshd
daemon.
The default is