Patch to restrict other auth methods from allowing root password authentication
James F. Hranicky
jfh at cise.ufl.edu
Sat Sep 20 00:14:30 EST 2003
The attached patch restricts any keyboard-int method from allowing root
password authentication. Other methods (bsdauth? I don't even really know what
that is) could be added as well.

FWIW, it appears that when using the "password" method the code in auth.c
is never reached due to the following code in auth-passwd.c:

    #ifndef HAVE_CYGWIN
        if (pw && pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
            ok = 0;
    #endif

meaning that this message in auth.c isn't logged in this case:

    logit("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());

If no one has any problems with the patch I'll open a bugzilla PR.

----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin UF/CISE Department |
| E314D CSE Building Phone (352) 392-1499 |
| jfh at cise.ufl.edu http://www.cise.ufl.edu/~jfh |
----------------------------------------------------------------------
About politics:
Don't worry about results
It's the thought that counts
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ossh-auth.c.patch.txt
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030919/9dc1fed6/attachment.txt
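
The logging gap described in the message, as an added example that is not part of the original post, the attached patch, or OpenSSH's source: a simplified C model contrasting an early reject inside the password backend with a central, method-aware root check that logs every refusal. All names (`root_policy`, `root_allowed`, `password_like`, `password_backend_early_reject`, `password_backend_logged`), the prefix match on "keyboard-interactive", and the sample address are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model with hypothetical names; this is not OpenSSH source. */
enum root_policy { ROOT_YES, ROOT_NO_PASSWD, ROOT_NO };
static int refusals_logged;   /* number of refusal lines written so far */

/* Assumption: any keyboard-interactive submethod can end in a typed password. */
static int password_like(const char *method)
{
    return strcmp(method, "password") == 0 ||
           strncmp(method, "keyboard-interactive", 20) == 0;
}

/* Central policy check: every refusal passes through here and is logged. */
int root_allowed(enum root_policy policy, const char *method, const char *ip)
{
    if (policy == ROOT_YES)
        return 1;
    if (policy == ROOT_NO_PASSWD && !password_like(method))
        return 1;
    fprintf(stderr, "ROOT LOGIN REFUSED FROM %.200s\n", ip);
    refusals_logged++;
    return 0;
}

/* Early reject inside the password backend, shaped like the quoted snippet:
 * the attempt fails, but root_allowed() never runs, so nothing is logged. */
int password_backend_early_reject(enum root_policy policy, unsigned uid, int password_ok)
{
    if (uid == 0 && policy != ROOT_YES)
        return 0;
    return password_ok;
}

/* Same decision routed through the central check, so the refusal is logged. */
int password_backend_logged(enum root_policy policy, unsigned uid, int password_ok, const char *ip)
{
    if (uid == 0 && !root_allowed(policy, "password", ip))
        return 0;
    return password_ok;
}

int main(void)
{
    int early = password_backend_early_reject(ROOT_NO_PASSWD, 0, 1);
    printf("early reject: ok=%d, refusals logged=%d\n", early, refusals_logged);
    int routed = password_backend_logged(ROOT_NO_PASSWD, 0, 1, "192.0.2.10");
    printf("routed:       ok=%d, refusals logged=%d\n", routed, refusals_logged);
    return 0;
}
```

In both variants the root password attempt is refused; only the routed variant leaves a log line that monitoring can alert on.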