[Bug 727] sshd built w/o pam support bypasses non-pam authentication code
bugzilla-daemon at mindrot.org
Sat Oct 4 01:23:58 EST 2003
http://bugzilla.mindrot.org/show_bug.cgi?id=727
Summary: sshd built w/o pam support bypasses non-pam authentication code
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: security
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: sshbugs at nissenhut.com
OpenSSH built without PAM support still gets options.use_pam = 1 set in
servconf.c. This causes code in other modules (e.g. auth.c) intended for
non-PAM sshds to be bypassed.
I noticed this while trying to determine why OpenSSH on Solaris 8 was not
processing expiration dates in /etc/shadow, despite code in
auth.c:allowed_user() intended to do this.
This has some security impact as it causes sshd to permit user logins that
would be prohibited by /bin/login.
Followup to bug #647 refers to this setting of use_pam.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
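
Added example, not part of the original report and not OpenSSH source: a constructed C model of the pattern the report describes, where a runtime flag defaults to on although the feature it names was not compiled in, so the native expiry check is skipped and nothing replaces it. Only options.use_pam and allowed_user come from the report; the struct layouts, fill_defaults_reported, fill_defaults_guarded, login_allowed, the account and the day numbers are assumptions made for illustration.

```c
/* Constructed model of the pattern in this report; not OpenSSH source. */
#include <stdbool.h>
#include <stdio.h>

/* USE_PAM is left undefined on purpose: this models a build without PAM. */
struct server_options { int use_pam; };   /* -1 = not set in the config file */
struct account { const char *name; long expire_day; }; /* -1 = never expires */

/* Default as the report describes it: on, whatever the build supports. */
static void fill_defaults_reported(struct server_options *o) {
    if (o->use_pam == -1)
        o->use_pam = 1;
}

/* Hypothetical guarded default: the flag can only be on if PAM was built. */
static void fill_defaults_guarded(struct server_options *o) {
#ifdef USE_PAM
    if (o->use_pam == -1)
        o->use_pam = 1;
#else
    o->use_pam = 0;
#endif
}

/* Account gate: native expiry check runs only when PAM is not in charge. */
static bool allowed_user(const struct server_options *o,
                         const struct account *a, long today) {
#ifdef USE_PAM
    if (o->use_pam)
        return pam_account_ok(a);   /* would exist in a PAM build only */
#endif
    if (!o->use_pam && a->expire_day >= 0 && today > a->expire_day)
        return false;               /* expired according to the shadow entry */
    return true;                    /* not expired, or no check ran at all */
}

/* Runs one login decision with either default; both arguments are in days. */
bool login_allowed(bool guarded, long expire_day, long today) {
    struct server_options o = { -1 };
    struct account a = { "alice", expire_day };   /* constructed account */
    if (guarded) fill_defaults_guarded(&o); else fill_defaults_reported(&o);
    return allowed_user(&o, &a, today);
}

int main(void) {
    /* Constructed dates: account expired on day 12000, today is day 12329. */
    printf("reported default: %d\n", login_allowed(false, 12000, 12329));
    printf("guarded default:  %d\n", login_allowed(true, 12000, 12329));
    return 0;
}
```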