I think this is basically a dup of bug 109846. A missing ChallengeResponseAuthentication defaults to "yes", which causes a bypass of the PasswordAuthentication setting.
-- Kees Cook @debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
