password_authtentication option ignored in auth handling

Markus Friedl Markus.Friedl at informatik.uni-erlangen.de
Tue Jun 5 08:01:40 EST 2001


hm, no pam != password. 2.9 has a different fix.


On Mon, Jun 04, 2001 at 11:45:54PM +0200, Wichert Akkerman wrote:
> 
> There is one spot where the password_authentication option was ignored,
> patch follows.
> 
> Wichert.
> 
> diff -wur org/openssh-2.5.2p2/auth2.c openssh-2.5.2p2/auth2.c
> --- org/openssh-2.5.2p2/auth2.c Sun Mar 11 21:01:56 2001
> +++ openssh-2.5.2p2/auth2.c     Mon Jun  4 23:31:54 2001
> @@ -397,7 +397,7 @@
>                 authenticated = auth2_challenge(authctxt, devs);
> 
>  #ifdef USE_PAM
> -       if (authenticated == 0)
> +       if (options.password_authentication && authenticated == 0)
>                 authenticated = auth2_pam(authctxt);
>  #endif
>         xfree(lang);
> 
> -- 
>   _________________________________________________________________
>  /       Nothing is fool-proof to a sufficiently talented fool     \
> | wichert at cistron.nl                  http://www.liacs.nl/~wichert/ |
> | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |



More information about the openssh-unix-dev mailing list