[Bug 2475] Login failure when PasswordAuthentication, ChallengeResponseAuthentication, and PermitEmptyPasswords are all enabled
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Wed Jul 26 19:55:56 AEST 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2475
Tomas Mraz <t8m at centrum.cz> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |t8m at centrum.cz
--- Comment #3 from Tomas Mraz <t8m at centrum.cz> ---
Yes, calling pam_setcred in different process than pam_authenticate is
wrong. Even worse that pam_authenticate with empty password is called
in the original process that later calls the pam_setcred.
So this is really a bug in openssh.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list