[Bug 2475] Login failure when PasswordAuthentication, ChallengeResponseAuthentication, and PermitEmptyPasswords are all enabled

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Wed Jul 26 19:55:56 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2475

Tomas Mraz <t8m at centrum.cz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |t8m at centrum.cz

--- Comment #3 from Tomas Mraz <t8m at centrum.cz> ---
Yes, calling pam_setcred in different process than pam_authenticate is
wrong. Even worse that pam_authenticate with empty password is called
in the original process that later calls the pam_setcred.

So this is really a bug in openssh.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list