[Bug 609] empty password accounts can login with random password

Damien Miller djm at shitei.mindrot.org
Tue Jul 1 15:18:32 EST 2003



On Tue, 1 Jul 2003 bugzilla-daemon at mindrot.org wrote:

> http://bugzilla.mindrot.org/show_bug.cgi?id=609
>
>
>
>
>
> ------- Additional Comments From advax at triumf.ca  2003-07-01 14:23 -------
> OK, after messing around trying 3.6.1p2 I realize I had a "DenyUsers" line
> in sshd_config on the RedHat 8 system which I had forgotten about.
> The RedHat sshd.pam does not have nullok but it is chained to system-auth
> which does. I guess unchaining it might work but I don't want to depart
> too much from the stock distro especially in things I don't really understand
> (like PAM)
>
> So the issue is that PermitEmptyPasswords is ignored if PAM is used.
> If PAM is really broken like this then maybe a note in the sshd_config manpage
> is in order.
>
>
>
>
> ------- You are receiving this mail because: -------
> You are the assignee for the bug, or are watching the assignee.
>
> _______________________________________________
> openssh-bugs mailing list
> openssh-bugs at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-bugs
>




More information about the openssh-unix-dev mailing list