openssh 3.6.1_p2 problem with pam (fwd)
Frank Cusack
fcusack at fcusack.com
Sat May 3 07:27:06 EST 2003
On Fri, May 02, 2003 at 02:03:52PM +0200, Andrea Barisani wrote:
> I don't suppose that this is a correct beahviour, what do you think?
Yes, it's not correct behavior. However, this isn't new to 3.6.1.
Not sure why you're only seeing it now.
This should help you out:
--- openssh/auth1.c Sun Feb 23 16:59:27 2003
+++ openssh/auth1.c Thu May 1 22:27:29 2003
@@ -80,7 +80,7 @@
authctxt->valid ? "" : "illegal user ", authctxt->user);
/* If the user has no password, accept authentication immediately. */
- if (options.password_authentication &&
+ if (options.password_authentication && options.permit_empty_passwd &&
#if defined(KRB4) || defined(KRB5)
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
--- openssh/auth2-none.c Tue Apr 29 02:12:08 2003
+++ openssh/auth2-none.c Thu May 1 22:27:29 2003
@@ -100,6 +100,25 @@
if (check_nt_auth(1, authctxt->pw) == 0)
return(0);
#endif
+
+ /*
+ * REDACTED
+ * REDACTED
+ * REDACTED
+ * REDACTED
+ * REDACTED
+ * REDACTED
+ * REDACTED
+ * REDACTED
+ * REDACTED
+ * REDACTED
+ * REDACTED
+ * REDACTED
+ * REDACTED
+ */
+ if (!options.permit_empty_passwd)
+ return(0);
+
return PRIVSEP(auth_password(authctxt, "")) && authctxt->valid;
}
More information about the openssh-unix-dev
mailing list