PermitRootLogin=yes no longer lets root login
Markus Friedl
markus at openbsd.org
Thu Mar 6 09:08:17 EST 2003
On Thu, Mar 06, 2003 at 08:53:39AM +1100, Darren Tucker wrote:
> Markus Friedl wrote:
> > On Thu, Jan 30, 2003 at 12:06:22AM +1100, Darren Tucker wrote:
> > > #ifndef HAVE_CYGWIN
> > > - if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
> > > + if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_NO_PASSWD)
> > >
> > > Was this intentional?
>
> > OpenBSD's code has
> ..
> > if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
> > return 0;
> ..
> > and this is intentional
>
> Um... I was querying the change from PERMIT_YES to PERMIT_NO_PASSWD in
> -portable, and AFAIK it was changed in error and has long since been
> fixed (or have I missed something?)
hm, password authentication for uid 0 should _only_
be allowed for PERMIT_YES; so
if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
return 0;
is ok, or what am i missing?
More information about the openssh-unix-dev
mailing list