[Bug 609] empty password accounts can login with random password

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Jul 1 14:23:55 EST 2003


------- Additional Comments From advax at triumf.ca  2003-07-01 14:23 -------
OK, after messing around trying 3.6.1p2 I realize I had a "DenyUsers" line
in sshd_config on the RedHat 8 system which I had forgotten about.
The RedHat sshd.pam does not have nullok but it is chained to system-auth
which does. I guess unchaining it might work but I don't want to depart
too much from the stock distro especially in things I don't really understand
(like PAM)

So the issue is that PermitEmptyPasswords is ignored if PAM is used.
If PAM is really broken like this then maybe a note in the sshd_config manpage
is in order.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-bugs mailing list