- Prepare for 1.2.1pre20

19991225 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com> - Cleanup of auth-passwd.c for shadow and MD5 passwords - Cleanup and bugfix of PAM authentication code 19991223 - Merged later HPUX patch from Andre Lucas <andre.lucas@dial.pipex.com> - Above patch included better utmpx support from Ben Taylor <bent@clark.net>:
2025-07-30 01:05:14 +02:00 · 1999-12-25 10:11:29 +11:00 · 1999-12-25 10:11:29 +11:00 · 2e1b082dfb
commit 2e1b082dfb
parent 1b0c228ec4
13 changed files with 205 additions and 137 deletions
--- a/11
+++ b/11
@ -1,3 +1,14 @@
 19991225
 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
 - Cleanup of auth-passwd.c for shadow and MD5 passwords
 - Cleanup and bugfix of PAM authentication code
 19991223
 - Merged later HPUX patch from Andre Lucas 
   <andre.lucas@dial.pipex.com>
 - Above patch included better utmpx support from Ben Taylor
   <bent@clark.net>:
 19991222
 - Fix undefined fd_set type in ssh.h from Povl H. Pedersen 
   <pope@netguide.dk>
--- a/acconfig.h
+++ b/acconfig.h
@ -30,6 +30,9 @@
 /* Define is utmpx.h has a ut_host field */
 #undef HAVE_HOST_IN_UTMPX
 /* Define is utmpx.h has a syslen field */
 #undef HAVE_SYSLEN_IN_UTMPX
 /* Define if you want to use utmpx */
 #undef USE_UTMPX
@ -63,6 +66,9 @@
 /* Define if xauth is found in your path */
 #undef XAUTH_PATH
 /* Define if rsh is found in your path */
 #undef RSH_PATH
 /* Define if you want to allow MD5 passwords */
 #undef HAVE_MD5_PASSWORDS
@ -76,6 +82,9 @@
 /* to pam_strerror */
 #undef HAVE_OLD_PAM
 /* Set this to your mail directory if you don't have maillock.h */
 #undef MAIL_DIRECTORY
 /* Data types */
 #undef HAVE_QUAD_T
 #undef HAVE_INTXX_T
@ -197,36 +206,19 @@ enum
 # endif
 #endif
 /* Use utmpx if supported */
 #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
 # define UTMP_STR utmpx
 #else 
 # ifdef HAVE_UTMP_H
 #  define UTMP_STR utmp
 # endif
 #endif
 #ifndef _PATH_UTMP
-# if defined(UTMPX_FILE) && defined(USE_UTMPX)
+# ifdef UTMP_FILE
-#  define _PATH_UTMP UTMPX_FILE
+#  define _PATH_UTMP UTMP_FILE
 # else
-#  ifdef UTMP_FILE
+#  define _PATH_UTMP "/var/adm/utmp"
 #   define _PATH_UTMP UTMP_FILE
 #  else
 #   define _PATH_UTMP "/var/adm/utmp"
 #  endif
 # endif
 #endif
 #ifndef _PATH_WTMP
-# if defined(WTMPX_FILE) && defined(USE_UTMPX)
+# ifdef WTMP_FILE
-#  define _PATH_WTMP WTMPX_FILE
+#  define _PATH_WTMP WTMP_FILE
 # else
-#  ifdef WTMP_FILE
+#  define _PATH_WTMP "/var/adm/wtmp"
 #   define _PATH_WTMP WTMP_FILE
 #  else
 #   define _PATH_WTMP "/var/adm/wtmp"
 #  endif
 # endif
 #endif
@ -242,16 +234,14 @@ enum
 # define _PATH_DEVNULL "/dev/null"
 #endif
-#ifndef _PATH_MAILDIR
+#ifndef MAILDIR
-# ifdef MAILDIR
+# define MAILDIR MAIL_DIRECTORY
 #  define _PATH_MAILDIR MAILDIR
 # else
 #  ifdef MAIL_DIRECTORY
 #   define _PATH_MAILDIR MAIL_DIRECTORY
 #  endif
 # endif
 #endif
 #if !defined(_PATH_MAILDIR) && defined(MAILDIR)
 # define _PATH_MAILDIR MAILDIR
 #endif /* !defined(_PATH_MAILDIR) && defined(MAILDIR) */
 #ifndef MAX
 # define MAX(a,b) (((a)>(b))?(a):(b))
 # define MIN(a,b) (((a)<(b))?(a):(b))
@ -287,3 +277,13 @@ enum
 #if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID)
 # define seteuid(a) setreuid(-1,a)
 #endif /* !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) */
 #ifndef HAVE_INNETGR
 # define innetgr(a,b,c,d) (0)
 #endif /* HAVE_INNETGR */
 #ifndef _PATH_RSH
 # ifdef RSH_PATH
 #  define _PATH_RSH RSH_PATH
 # endif /* RSH_PATH */
 #endif /* _PATH_RSH */
--- a/auth-passwd.c
+++ b/auth-passwd.c
@ -9,9 +9,9 @@
 #include "includes.h"
-#ifndef HAVE_PAM
+#ifndef HAVE_LIBPAM
-RCSID("$Id: auth-passwd.c,v 1.10 1999/12/21 10:03:09 damien Exp $");
+RCSID("$Id: auth-passwd.c,v 1.11 1999/12/24 23:11:29 damien Exp $");
 #include "packet.h"
 #include "ssh.h"
@ -35,6 +35,8 @@ auth_password(struct passwd * pw, const char *password)
 {
 	extern ServerOptions options;
 	char *encrypted_password;
 	char *pw_password;
 	char *salt;
 #ifdef HAVE_SHADOW_H
 	struct spwd *spw;
 #endif
@ -68,48 +70,35 @@ auth_password(struct passwd * pw, const char *password)
 	if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
 		return 1;
 	pw_password = pw->pw_passwd;
 #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
 	spw = getspnam(pw->pw_name);
-	if (spw == NULL)
+	if (spw == NULL) 
 		return(0);
 	if ((spw->sp_namp == NULL) || (strcmp(pw->pw_name, spw->sp_namp) != 0))
 		fatal("Shadow lookup returned garbage.");
 	/* Check for users with no password. */
 	if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0)
 		return 1;
-	if (strlen(spw->sp_pwdp) < 3)
+	pw_password = spw->sp_pwdp;
 		return(0);
 	/* Encrypt the candidate password using the proper salt. */
 #ifdef HAVE_MD5_PASSWORDS
 	if (is_md5_salt(spw->sp_pwdp))
 		encrypted_password = md5_crypt(password, spw->sp_pwdp);
 	else
 		encrypted_password = crypt(password, spw->sp_pwdp);
 #else /* HAVE_MD5_PASSWORDS */    
 	encrypted_password = crypt(password, spw->sp_pwdp);
 #endif /* HAVE_MD5_PASSWORDS */    
 	/* Authentication is accepted if the encrypted passwords are identical. */
 	return (strcmp(encrypted_password, spw->sp_pwdp) == 0);
 #else /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
 	if (strlen(pw->pw_passwd) < 3)
 		return(0);
 #ifdef HAVE_MD5_PASSWORDS
 	if (is_md5_salt(pw->pw_passwd))
 		encrypted_password = md5_crypt(password, pw->pw_passwd);
 	else
 		encrypted_password = crypt(password, pw->pw_passwd);
 #else /* HAVE_MD5_PASSWORDS */    
 	encrypted_password = crypt(password, pw->pw_passwd);
 #endif /* HAVE_MD5_PASSWORDS */    
 	/* Authentication is accepted if the encrypted passwords are identical. */
 	return (strcmp(encrypted_password, pw->pw_passwd) == 0);
 #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
 	if (pw_password[0] != '\0')
 		salt = pw_password;
 	else
 		salt = "xx";
 #ifdef HAVE_MD5_PASSWORDS
 	if (is_md5_salt(salt))
 		encrypted_password = md5_crypt(password, salt);
 	else
 		encrypted_password = crypt(password, salt);
 #else /* HAVE_MD5_PASSWORDS */    
 	encrypted_password = crypt(password, salt);
 #endif /* HAVE_MD5_PASSWORDS */    
 	/* Authentication is accepted if the encrypted passwords are identical. */
 	return (strcmp(encrypted_password, pw_password) == 0);
 }
-#endif /* !HAVE_PAM */
+#endif /* !HAVE_LIBPAM */
--- a/bsd-login.c
+++ b/bsd-login.c
@ -54,53 +54,63 @@ static char *rcsid = "$OpenBSD: login.c,v 1.5 1998/07/13 02:11:12 millert Exp $"
 #include <stdio.h>
 #include <string.h>
 #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
 void
 login(utp,utx)
 	struct utmp *utp;
 	struct utmpx *utx;
 #else /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
 void
 login(utp)
-	struct UTMP_STR *utp;
+	struct utmp *utp;
 #endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
 {
-	struct UTMP_STR old_ut;
+	struct utmp old_ut;
 #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
 	struct utmpx *old_utx;
 #endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
 	register int fd;
 	int tty;
 #ifndef UT_LINESIZE
 # define UT_LINESIZE (sizeof(old_ut.ut_line))
-# if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
+# define UT_NAMESIZE (sizeof(old_ut.ut_name))
 #  define UT_NAMESIZE (sizeof(old_ut.ut_user))
 # else
 #  define UT_NAMESIZE (sizeof(old_ut.ut_name))
 # endif
 # ifdef HAVE_HOST_IN_UTMP
 #  define UT_HOSTSIZE (sizeof(old_ut.ut_host))
 # endif
 # if defined(HAVE_HOST_IN_UTMPX) && defined(USE_UTMPX)
 #  define UT_HOSTSIZE (sizeof(old_ut.ut_host))
 # endif
 #endif
 	tty = ttyslot();
 	if (tty > 0 && (fd = open(_PATH_UTMP, O_RDWR|O_CREAT, 0644)) >= 0) {
-#if defined(HAVE_HOST_IN_UTMP) || defined(HAVE_HOST_IN_UTMPX)
+#if defined(HAVE_HOST_IN_UTMP)
-		(void)lseek(fd, (off_t)(tty * sizeof(struct UTMP_STR)), SEEK_SET);
+		(void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
 		/*
 		 * Prevent luser from zero'ing out ut_host.
 		 * If the new ut_line is empty but the old one is not
 		 * and ut_line and ut_name match, preserve the old ut_line.
 		 */
-		if (read(fd, &old_ut, sizeof(struct UTMP_STR)) ==
+		if (read(fd, &old_ut, sizeof(struct utmp)) ==
-		    sizeof(struct UTMP_STR) && utp->ut_host[0] == '\0' &&
+		    sizeof(struct utmp) && utp->ut_host[0] == '\0' &&
 		    old_ut.ut_host[0] != '\0' &&
 		    strncmp(old_ut.ut_line, utp->ut_line, UT_LINESIZE) == 0 &&
 		    strncmp(old_ut.ut_name, utp->ut_name, UT_NAMESIZE) == 0)
 			(void)memcpy(utp->ut_host, old_ut.ut_host, UT_HOSTSIZE);
-#endif /* defined(HAVE_HOST_IN_UTMP) || defined(HAVE_HOST_IN_UTMPX) */
+#endif /* defined(HAVE_HOST_IN_UTMP) */
-		(void)lseek(fd, (off_t)(tty * sizeof(struct UTMP_STR)), SEEK_SET);
+		(void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
-		(void)write(fd, utp, sizeof(struct UTMP_STR));
+		(void)write(fd, utp, sizeof(struct utmp));
 		(void)close(fd);
 	}
 	if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
-		(void)write(fd, utp, sizeof(struct UTMP_STR));
+		(void)write(fd, utp, sizeof(struct utmp));
 		(void)close(fd);
 	}
 #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
 	old_utx = pututxline(utx);
 # ifdef HAVE_UPDWTMPX
 	updwtmpx(_PATH_WTMPX, utx);
 # endif /* HAVE_UPDWTMPX */
 	endutxent();
 #endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
 }
 #endif /* HAVE_LOGIN */
--- a/bsd-login.h
+++ b/bsd-login.h
@ -1,13 +1,22 @@
 #ifndef _BSD_LOGIN_H
-#define _BSD_LOGIN_H
+# define _BSD_LOGIN_H
-#include "config.h"
+# include "config.h"
-#ifndef HAVE_LOGIN
+# ifndef HAVE_LOGIN
-#include <utmp.h>
+#  include <utmp.h>
-void login(struct UTMP_STR *utp);
+#  if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
 #   include <utmpx.h>
-#endif /* !HAVE_LOGIN */
+void login(struct utmp *utp, struct utmpx *utx);
 #   else /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
 void login(struct utmp *utp);
 #  endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
 # endif /* !HAVE_LOGIN */
 #endif /* _BSD_LOGIN_H */
--- a/configure.in
+++ b/configure.in
@ -9,10 +9,25 @@ AC_PROG_CPP
 AC_PROG_RANLIB
 AC_PROG_INSTALL
 AC_CHECK_PROG(AR, ar, ar)
 dnl Check for the path to xauth
 AC_PATH_PROG(xauth_path, xauth)
-AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
+
 dnl Use ip address instead of hostname in $DISPLAY
 AC_ARG_WITH(rsh,
 	[  --with-rsh=PATH         Specify path to remote shell program ],
 	[
 		AC_DEFINE_UNQUOTED(RSH_PATH, "$withval")
 	],
 	[
 		AC_PATH_PROG(rsh_path, rsh)
 	]
 )
 if test ! -z "$xauth_path" ; then
 	AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
 fi
 if test ! -z "$rsh_path" ; then
 	AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path")
 fi
 dnl Checks for compiler characteristics
 if test "$GCC" = "yes"; then CFLAGS="$CFLAGS -Wall"; fi
@ -27,6 +42,7 @@ case "$host" in
 	fi
 	CFLAGS="$CFLAGS -D_HPUX_SOURCE"
 	AC_DEFINE(IPADDR_IN_DISPLAY)
 	AC_DEFINE(USE_UTMPX)
 	AC_MSG_CHECKING(for HPUX trusted system password database)
 	if test -f /tcb/files/auth/system/default; then
 		AC_MSG_RESULT(yes)
@ -80,15 +96,22 @@ AC_CHECK_LIB(util, login, AC_DEFINE(HAVE_LIBUTIL_LOGIN) LIBS="$LIBS -lutil")
 AC_CHECK_LIB(nsl, yp_match, , )
 AC_CHECK_LIB(socket, main, , )
-dnl libdl is needed by PAM on Redhat systems
+dnl Use ip address instead of hostname in $DISPLAY
-AC_CHECK_LIB(dl, dlopen, , )
+AC_ARG_WITH(pam,
-AC_CHECK_LIB(pam, pam_authenticate, , )
+	[  --without-pam           Disable PAM support ],
 	[
 		if test "x$withval" != "xno" ; then
 			AC_CHECK_LIB(dl, dlopen, , )
 			AC_CHECK_LIB(pam, pam_authenticate, , )
 		fi
 	]
 )
 dnl Checks for header files.
-AC_CHECK_HEADERS(endian.h lastlog.h login.h maillock.h netgroup.h paths.h poll.h pty.h shadow_h util.h utmp.h utmpx.h sys/bsdtty.h sys/poll.h sys/select.h sys/stropts.h sys/time.h)
+AC_CHECK_HEADERS(endian.h lastlog.h login.h maillock.h netgroup.h paths.h poll.h pty.h shadow.h util.h utmp.h utmpx.h sys/bsdtty.h sys/poll.h sys/select.h sys/stropts.h sys/time.h sys/ttcompat.h)
 dnl Checks for library functions.
-AC_CHECK_FUNCS(arc4random mkdtemp openpty _getpty setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy vsnprintf)
+AC_CHECK_FUNCS(arc4random updwtmpx mkdtemp openpty _getpty innetgr setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy vsnprintf)
 AC_CHECK_FUNC(login, 
 	[AC_DEFINE(HAVE_LOGIN)],
@ -220,19 +243,21 @@ if test -z "$RANDOM_POOL" -a -z "$EGD_POOL"; then
 	AC_MSG_ERROR([No random device found, and no EGD random pool specified])
 fi
 dnl Check for ut_host field in utmp
 AC_MSG_CHECKING([whether utmp.h has ut_host field])
 AC_EGREP_HEADER(ut_host, utmp.h, 
 	[AC_DEFINE(HAVE_HOST_IN_UTMP) AC_MSG_RESULT(yes); ], 
 	[AC_MSG_RESULT(no)]
 )
 dnl Check for ut_host field in utmpx
 AC_MSG_CHECKING([whether utmpx.h has ut_host field])
 AC_EGREP_HEADER(ut_host, utmpx.h, 
 	[AC_DEFINE(HAVE_HOST_IN_UTMPX) AC_MSG_RESULT(yes); ], 
 	[AC_MSG_RESULT(no)]
 )
 AC_MSG_CHECKING([whether utmpx.h has syslen field])
 AC_EGREP_HEADER(syslen, utmpx.h, 
 	[AC_DEFINE(HAVE_SYSLEN_IN_UTMPX) AC_MSG_RESULT(yes); ], 
 	[AC_MSG_RESULT(no)]
 )
 dnl Look for lastlog location
 AC_ARG_WITH(lastlog,
--- a/includes.h
+++ b/includes.h
@ -81,6 +81,7 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 #include "bsd-mktemp.h"
 #include "bsd-snprintf.h"
 #include "bsd-daemon.h"
 #include "bsd-login.h"
 /* Define this to be the path of the xauth program. */
 #ifndef XAUTH_PATH
--- a/login.c
+++ b/login.c
@ -18,7 +18,7 @@
 */
 #include "includes.h"
-RCSID("$Id: login.c,v 1.10 1999/12/22 05:09:48 damien Exp $");
+RCSID("$Id: login.c,v 1.11 1999/12/24 23:11:29 damien Exp $");
 #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
 # include <utmpx.h>
@ -133,28 +133,44 @@ record_login(int pid, const char *ttyname, const char *user, uid_t uid,
 	struct lastlog ll;
 	char *lastlog;
 #endif /* defined(_PATH_LASTLOG) && !defined(DISABLE_LASTLOG) */
-	struct UTMP_STR u;
+	struct utmp u;
-	const char *utmp, *wtmp;
+#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
 	struct utmpx utx;
 #endif
 	/* Construct an utmp/wtmp entry. */
 	memset(&u, 0, sizeof(u));
 	strncpy(u.ut_line, ttyname + 5, sizeof(u.ut_line));
-#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
+	u.ut_pid = (pid_t)pid;
 	u.ut_tv.tv_sec = time(NULL);
 	strncpy(u.ut_user, user, sizeof(u.ut_name));
 #else
 	u.ut_time = time(NULL);
 	strncpy(u.ut_name, user, sizeof(u.ut_name));
-#endif
+ 	u.ut_type = (uid == -1)?DEAD_PROCESS:USER_PROCESS;
-#if defined(HAVE_HOST_IN_UTMP) || defined(HAVE_HOST_IN_UTMPX)
+#if defined(HAVE_HOST_IN_UTMP)
 	strncpy(u.ut_host, host, sizeof(u.ut_host));
 #endif
-	/* Figure out the file names. */
+#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
-	utmp = _PATH_UTMP;
+	memset(&utx, 0, sizeof(utx));
-	wtmp = _PATH_WTMP;
+	strncpy(utx.ut_user, user, sizeof(utx.ut_name));
 	strncpy(utx.ut_line, ttyname + 5, sizeof(utx.ut_line));
 	utx.ut_pid = (pid_t)pid;
 	utx.ut_tv.tv_sec = time(NULL);
 	u.ut_type = (uid == -1)?DEAD_PROCESS:USER_PROCESS;
 #ifdef HAVE_HOST_IN_UTMPX
 #ifdef HAVE_SYSLEN_IN_UTMPX
 	utx.ut_syslen = strlen(host);
 	strncpy(utx.ut_host, host, utx.ut_syslen );
 #else
 	strncpy(utx.ut_host, host, sizeof(utx.ut_host));
 #endif /* HAVE_SYSLEN_IN_UTMPX */
 #endif
 #endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
 #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX) && !defined(HAVE_LOGIN)
 	login(&u, &utx);
 #else /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
 	login(&u);
 #endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
 #if defined(_PATH_LASTLOG) && !defined(DISABLE_LASTLOG)
 	lastlog = _PATH_LASTLOG;
--- a/packages/redhat/openssh.spec
+++ b/packages/redhat/openssh.spec
@ -1,6 +1,6 @@
 Summary: OpenSSH free Secure Shell (SSH) implementation
 Name: openssh
-Version: 1.2.1pre19
+Version: 1.2.1pre20
 Release: 1
 Packager: Damien Miller <djm@ibs.com.au>
 Source0: openssh-%{version}.tar.gz
--- a/packages/redhat/sshd.pam
+++ b/packages/redhat/sshd.pam
@ -1,5 +1,5 @@
 #%PAM-1.0
-auth       required     /lib/security/pam_pwdb.so shadow
+auth       required     /lib/security/pam_pwdb.so shadow nowait
 auth       required     /lib/security/pam_nologin.so
 account    required     /lib/security/pam_pwdb.so
 password   required     /lib/security/pam_cracklib.so
--- a/packages/suse/openssh.spec
+++ b/packages/suse/openssh.spec
@ -1,6 +1,6 @@
 Summary: OpenSSH, a free Secure Shell (SSH) implementation
 Name: openssh
-Version: 1.2.1pre19
+Version: 1.2.1pre20
 Release: 1
 Source0: openssh-%{version}.tar.gz
 Copyright: BSD
--- a/sshd.c
+++ b/sshd.c
@ -11,7 +11,7 @@
 */
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.39 1999/12/14 04:43:03 damien Exp $");
+RCSID("$Id: sshd.c,v 1.40 1999/12/24 23:11:29 damien Exp $");
 #ifdef HAVE_POLL_H
 # include <poll.h>
@ -146,6 +146,7 @@ void do_child(const char *command, struct passwd * pw, const char *term,
 #ifdef HAVE_LIBPAM
 static int pamconv(int num_msg, const struct pam_message **msg,
 	  struct pam_response **resp, void *appdata_ptr);
 int do_pam_auth(const char *user, const char *password);
 void do_pam_account(char *username, char *remote_user);
 void do_pam_session(char *username, char *ttyname);
 void pam_cleanup_proc(void *context);
@ -237,6 +238,23 @@ void pam_cleanup_proc(void *context)
 	}
 }
 int do_pam_auth(const char *user, const char *password)
 {
 	int pam_retval;
 	pampasswd = password;
 	pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
 	if (pam_retval == PAM_SUCCESS) {
 		log("PAM Password authentication accepted for user \"%.100s\"", user);
 		return 1;
 	} else {
 		log("PAM Password authentication for \"%.100s\" failed: %s", 
 			user, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 		return 0;
 	}
 }
 void do_pam_account(char *username, char *remote_user)
 {
 	int pam_retval;
@ -1292,7 +1310,11 @@ do_authentication(char *user)
 #ifdef KRB4
 	    (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
 #endif /* KRB4 */
 #ifdef HAVE_LIBPAM
 	    do_pam_auth(pw->pw_name, "")) {
 #else /* HAVE_LIBPAM */
 	    auth_password(pw, "")) {
 #endif /* HAVE_LIBPAM */
 		/* Authentication with empty password succeeded. */
 		log("Login for user %s from %.100s, accepted without authentication.",
 		    pw->pw_name, get_remote_ipaddr());
@ -1503,29 +1525,14 @@ do_authloop(struct passwd * pw)
 #ifdef HAVE_LIBPAM
 			/* Do PAM auth with password */
-			pampasswd = password;
+			authenticated = do_pam_auth(pw->pw_name, password);
 			pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
 			if (pam_retval == PAM_SUCCESS) {
 				log("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name);
 				memset(password, 0, strlen(password));
 				xfree(password);
 				authenticated = 1;
 				break;
 			}
 			log("PAM Password authentication for \"%.100s\" failed: %s", 
 				pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 			memset(password, 0, strlen(password));
 			xfree(password);
 			break;
 #else /* HAVE_LIBPAM */
 			/* Try authentication with the password. */
 			authenticated = auth_password(pw, password);
-
+#endif /* HAVE_LIBPAM */
 			memset(password, 0, strlen(password));
 			xfree(password);
 			break;
 #endif /* HAVE_LIBPAM */
 #ifdef SKEY
 		case SSH_CMSG_AUTH_TIS:
--- a/sshd.pam.generic
+++ b/sshd.pam.generic
@ -1,5 +1,5 @@
 #%PAM-1.0
-auth       required     /lib/security/pam_unix.so shadow
+auth       required     /lib/security/pam_unix.so shadow nowait
 auth       required     /lib/security/pam_nologin.so
 account    required     /lib/security/pam_unix.so
 password   required     /lib/security/pam_cracklib.so