- PAM bugfix. PermitEmptyPassword was being ignored.

- Fixed PAM config files to allow empty passwords if server does.
 - Explained spurious PAM auth warning workaround in UPGRADING
This commit is contained in:
Damien Miller 1999-12-27 10:45:54 +11:00
parent 5a3e68382d
commit 373d2917a8
6 changed files with 13 additions and 6 deletions

View File

@ -4,6 +4,9 @@
- Removed credits from README to CREDITS file, updated.
- Added --with-default-path to specify custom path for server
- Removed #ifdef trickery from acconfig.h into defines.h
- PAM bugfix. PermitEmptyPassword was being ignored.
- Fixed PAM config files to allow empty passwords if server does.
- Explained spurious PAM auth warning workaround in UPGRADING
19991226
- Enabled utmpx support by default for Solaris

4
TODO
View File

@ -4,9 +4,7 @@
- Better documentation
- Port to other platforms (Finish Solaris support)
- Fix paths in manpages using autoconf
- Port to other platforms
- Better testing on non-PAM systems

View File

@ -53,3 +53,6 @@ These are generated because OpenSSH first tries to determine whether a
user needs authentication to login (e.g. empty password). Unfortunatly
PAM likes to log all authentication events, this one included.
If it annoys you too much, set "PermitEmptyPasswords no" in
sshd_config. This will quiet the error message at the expense of
disabling logins to accounts with no password set.

View File

@ -1,5 +1,5 @@
#%PAM-1.0
auth required /lib/security/pam_pwdb.so shadow nodelay
auth required /lib/security/pam_pwdb.so shadow nodelay nullok
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so

5
sshd.c
View File

@ -11,7 +11,7 @@
*/
#include "includes.h"
RCSID("$Id: sshd.c,v 1.43 1999/12/26 03:04:33 damien Exp $");
RCSID("$Id: sshd.c,v 1.44 1999/12/26 23:45:54 damien Exp $");
#ifdef HAVE_POLL_H
# include <poll.h>
@ -242,6 +242,9 @@ int do_pam_auth(const char *user, const char *password)
{
int pam_retval;
if ((options.permit_empty_passwd == 0) && (password[0] == '\0')
return 0;
pampasswd = password;
pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);

View File

@ -1,5 +1,5 @@
#%PAM-1.0
auth required /lib/security/pam_unix.so shadow nodelay
auth required /lib/security/pam_unix.so shadow nodelay nullok
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so