openssh 3.6.1_p2 problem with pam (fwd)

Andrea Barisani lcars at infis.univ.trieste.it
Sat May 3 08:24:44 EST 2003 

On Fri, May 02, 2003 at 02:27:06PM -0700, Frank Cusack wrote:
> On Fri, May 02, 2003 at 02:03:52PM +0200, Andrea Barisani wrote:
> > I don't suppose that this is a correct beahviour, what do you think?
> 
> Yes, it's not correct behavior.  However, this isn't new to 3.6.1.
> Not sure why you're only seeing it now.

Because I've upgraded from 3.5_p1, sorry for not having mentioned that.
The patch seems to work, thanks a lot. I'll try to understand it and fully test 
pam behaviour tomorrow, now is too late :).

I suppose that we'll be seeing this patch in the next version, am I right?

Thanks again.

Bye

> 
> This should help you out:
> 
> --- openssh/auth1.c	Sun Feb 23 16:59:27 2003
> +++ openssh/auth1.c	Thu May  1 22:27:29 2003
> @@ -80,7 +80,7 @@
>  	    authctxt->valid ? "" : "illegal user ", authctxt->user);
>  
>  	/* If the user has no password, accept authentication immediately. */
> -	if (options.password_authentication &&
> +	if (options.password_authentication && options.permit_empty_passwd &&
>  #if defined(KRB4) || defined(KRB5)
>  	    (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
>  #endif
> --- openssh/auth2-none.c	Tue Apr 29 02:12:08 2003
> +++ openssh/auth2-none.c	Thu May  1 22:27:29 2003
> @@ -100,6 +100,25 @@
>  	if (check_nt_auth(1, authctxt->pw) == 0)
>  		return(0);
>  #endif
> +
> +	/*
> +	 * REDACTED
> +	 * REDACTED
> +	 * REDACTED
> +	 * REDACTED
> +	 * REDACTED
> +	 * REDACTED
> +	 * REDACTED
> +	 * REDACTED
> +	 * REDACTED
> +	 * REDACTED
> +	 * REDACTED
> +	 * REDACTED
> +	 * REDACTED
> +	 */
> +	if (!options.permit_empty_passwd)
> +		return(0);
> +
>  	return PRIVSEP(auth_password(authctxt, "")) && authctxt->valid;
>  }
>  
--
------------------------------------------------------------
INFIS Network Administrator & Security Officer         .*. 
Department of Physics       - University of Trieste    /V\
lcars at infis.univ.trieste.it - PGP Key 0x8E21FE82      (/ \)
----------------------------------------------------  (   )
"How would you know I'm mad?" said Alice.             ^^-^^
"You must be,'said the Cat,'or you wouldn't have come here."
------------------------------------------------------------

More information about the openssh-unix-dev mailing list