3.6.1p2, Spurious PAM failure messages WITH "PermitEmptyPasswords no", and a (micro) fix

Lars lhofhansl at yahoo.com
Wed May 7 13:46:51 EST 2003


after installing 3.6.1p2 I noticed spurious PAM login failures
even with PermitEmptyPasswords set to "no":

sshd(pam_unix)[1740]: authentication failure; logname=XXX uid=0 euid=0 
tty=NODEVssh ruser= rhost=localhost  user=XXX

After looking at the code I noticed the following in the portability p2 

+++ openssh-3.6.1p2/auth-passwd.c       2003-04-29 19:12:08.000000000 +1000
+#if defined(USE_PAM)
+       return auth_pam_password(authctxt, password) && ok;
+#elif defined(HAVE_OSF_SIA)

That should really be
+       return ok && auth_pam_password(authctxt, password);

(Note that ok is checked first, as I said in the subject its a trivial
micro fix)

I changed that and it works fine now. This should be integrated
in the patch.

-- Lars

More information about the openssh-unix-dev mailing list