3.6.1p2, Spurious PAM failure messages WITH "PermitEmptyPasswords no", and a (micro) fix

[Douglas E. Engert]

Is this related to the problem I still see on the HP_UX 11.0 with 
PAM when the password="" The HP pam module failes. So I added back
the check for password == '\0' in auth-pam.c and everything works now.

It is still not clear why a password="" is being passed to PAM, 
other then to have the PAM exits get a look at the login. 



*** ,auth-pam.c Wed Apr 30 10:04:21 2003
--- auth-pam.c  Mon May  5 14:05:31 2003
***************
*** 210,215 ****
--- 210,227 ----
  
        do_pam_set_conv(&conv);
  
+ #if defined(__hpux)
+ /* add back this from 3.5 PAM on HP 11.0 segfaults 
+  * with password=""  */
+     /* deny if no user. */
+     if (pw == NULL)
+             return 0;
+     if (pw->pw_uid == 0 && options.permit_root_login == PERMIT_NO_PASSWD)
+             return 0;
+     if (*password == '\0' && options.permit_empty_passwd == 0)
+             return 0;
+ #endif /* __hpux */
+ 
        __pampasswd = password;
  
        pamstate = INITIAL_LOGIN;


Frank Cusack wrote:
> 
> On Tue, May 06, 2003 at 08:46:51PM -0700, Lars wrote:
> > Hi,
> >
> > after installing 3.6.1p2 I noticed spurious PAM login failures
> > even with PermitEmptyPasswords set to "no":
> ...
> > That should really be
> > +       return ok && auth_pam_password(authctxt, password);
> >
> > (Note that ok is checked first, as I said in the subject its a trivial
> > micro fix)
> 
> No, that part of the code is correct as it stands.  Take a look at the
> list archives, this was discussed just a few days back.
> 
> /fc
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev

-- 

 Douglas E. Engert  <DEEngert at anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444