patch: openssh empty password fail with pam/sshv1
David Wu
davidwu at nbttech.com
Tue Jun 22 14:11:37 EST 2004
Hi,
We've encountered a bug with OpenSSH 3.8.1p1 on Linux. With an account
that has an empty password and with PAM and Privilege Separation turned
on through the SSH1 protocol, the login fails with:
fatal: mm_request_receive_expect: read: rtype 24 != type 46
I believe the problem is a missing do_pam_account() call. The patch below
to auth1.c fixes the problem. If this is correct, can someone please
commit this?
Thanks,
Dave.
--- auth1.c 19 Jun 2004 00:51:06 -0000 1.1
+++ auth1.c 22 Jun 2004 04:07:38 -0000 1.5
@@ -81,8 +81,13 @@
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
PRIVSEP(auth_password(authctxt, ""))) {
- auth_log(authctxt, 1, "without authentication", "");
- return;
+#ifdef USE_PAM
+ if (options.use_pam && (PRIVSEP(do_pam_account())))
+#endif
+ {
+ auth_log(authctxt, 1, "without authentication", "");
+ return;
+ }
}
/* Indicate that authentication is needed. */
More information about the openssh-unix-dev
mailing list