[Bug 559] PAM fixes

Ben Lindstrom mouring at etoh.eviladmin.org
Tue May 13 13:41:27 EST 2003


[..]
+	 * REDACTED
+	 */
+	if (!options.password_authentication || !options.permit_empty_passwd)
+		return(0);

Check to ensure your not leaking account information via timing attacks by
re-adding this.

- Ben

On Tue, 13 May 2003 bugzilla-daemon at mindrot.org wrote:

> http://bugzilla.mindrot.org/show_bug.cgi?id=559
>
> fcusack at fcusack.com changed:
>
>            What    |Removed                     |Added
> ----------------------------------------------------------------------------
>  Attachment #289 is|0                           |1
>            obsolete|                            |
>
>
>
> ------- Additional Comments From fcusack at fcusack.com  2003-05-13 13:27 -------
> Created an attachment (id=292)
>  --> (http://bugzilla.mindrot.org/attachment.cgi?id=292&action=view)
> revised PAM patch
>
> revised patches based on djm comments
>
>
>
> ------- You are receiving this mail because: -------
> You are the assignee for the bug, or are watching the assignee.
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>




More information about the openssh-unix-dev mailing list