[Bug 652] PermitEmptyPasswords option silently ignored
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Sep 17 21:43:38 EST 2003
http://bugzilla.mindrot.org/show_bug.cgi?id=652
Summary: PermitEmptyPasswords option silently ignored
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: All
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: steve at earth.ox.ac.uk
Having upgraded to 3.7.1p1 from 3.6.1p2 using the following configure options:-
./configure --sysconfdir=/etc --with-rsh=/usr/ucb/rsh --with-xauth=/usr/openwin/
bin/xauth --with-default-path=/bin:/usr/ucb:/usr/bin:/usr/local/bin --with-ipv4-
default --with-ssl-dir=/usr/local/ssl
I've discovered that sshd silently ignores the PermitEmptyPasswords option in
the config file.
Researching further, it seems that the only place the option is referenced after
being set in auth-passwd.c, line 70 where the password has already been
requested from the user.
Unfortunately, even if a user merely hits RETURN at the passowrd prompt (s)he is
given the authentication fails for an account without a password.
If the functionality for NULL passwords has been removed on purpose then this
should be noted in the documentation and the configuration option should be
removed. Otherwise, this bug shold be fixed.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list