[Bug 652] PermitEmptyPasswords option silently ignored

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Sep 17 21:43:38 EST 2003


http://bugzilla.mindrot.org/show_bug.cgi?id=652

           Summary: PermitEmptyPasswords option silently ignored
           Product: Portable OpenSSH
           Version: 3.7.1p1
          Platform: All
        OS/Version: Solaris
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: steve at earth.ox.ac.uk


Having upgraded to 3.7.1p1 from 3.6.1p2 using the following configure options:-

./configure --sysconfdir=/etc --with-rsh=/usr/ucb/rsh \
    --with-xauth=/usr/openwin/bin/xauth \
    --with-default-path=/bin:/usr/ucb:/usr/bin:/usr/local/bin \
    --with-ipv4-default --with-ssl-dir=/usr/local/ssl

I've discovered that sshd silently ignores the PermitEmptyPasswords option in
the config file.

Researching further, it seems that the only place the option is referenced after
being set is in auth-passwd.c, line 70, where the password has already been
requested from the user.

Unfortunately, even if a user merely hits RETURN at the password prompt, the
authentication fails for an account without a password.

If the functionality for NULL passwords has been removed on purpose then this
should be noted in the documentation and the configuration option should be
removed. Otherwise, this bug should be fixed.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
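
The report depends on two things an administrator can check independently of
sshd's runtime behaviour: the value the config file gives for
PermitEmptyPasswords, and which accounts actually have an empty password field.
The following is an added example, not part of the original report and not
OpenSSH code; it runs over constructed sshd_config and shadow-format samples,
its function names are hypothetical, and it assumes the sshd_config rule that
the first occurrence of a keyword is the one used.

```python
# Added example: constructed inputs, not taken from the reporter's system.
SSHD_CONFIG = """\
# constructed sample sshd_config
Port 22
permitemptypasswords yes
PasswordAuthentication yes
PermitEmptyPasswords no
"""

# Constructed shadow-format sample: name:password-field:...
SHADOW = """\
root:$6$constructed$hash:12300:0:99999:7:::
guest::12300:0:99999:7:::
daemon:*:12300:0:99999:7:::
backup:!:12300:0:99999:7:::
"""

def effective_option(config_text, keyword, default):
    """Global value of a keyword: case-insensitive name, first occurrence wins.
    Stops at the first Match block, so only the global scope is read."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        if key == keyword.lower() and len(parts) == 2:
            return parts[1].split()[0]
    return default

def empty_password_accounts(shadow_text):
    """Accounts whose password field is empty ('*' and '!' are locked, not empty)."""
    names = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[1] == "":
            names.append(fields[0])
    return names

def audit(config_text, shadow_text):
    setting = effective_option(config_text, "PermitEmptyPasswords", "no")
    empty = empty_password_accounts(shadow_text)
    # Accounts for which the configuration, as written, allows an empty password.
    return {"setting": setting, "empty": empty,
            "allowed": empty if setting == "yes" else []}

if __name__ == "__main__":
    print(audit(SSHD_CONFIG, SHADOW))
```

Comparing the "allowed" list with what sshd actually accepts for those accounts
shows whether the running daemon honours the option as configured.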



