- PAM bugfix. PermitEmptyPassword was being ignored.
- Fixed PAM config files to allow empty passwords if server does. - Explained spurious PAM auth warning workaround in UPGRADING
This commit is contained in:
parent
5a3e68382d
commit
373d2917a8
|
@ -4,6 +4,9 @@
|
|||
- Removed credits from README to CREDITS file, updated.
|
||||
- Added --with-default-path to specify custom path for server
|
||||
- Removed #ifdef trickery from acconfig.h into defines.h
|
||||
- PAM bugfix. PermitEmptyPassword was being ignored.
|
||||
- Fixed PAM config files to allow empty passwords if server does.
|
||||
- Explained spurious PAM auth warning workaround in UPGRADING
|
||||
|
||||
19991226
|
||||
- Enabled utmpx support by default for Solaris
|
||||
|
|
4
TODO
4
TODO
|
@ -4,9 +4,7 @@
|
|||
|
||||
- Better documentation
|
||||
|
||||
- Port to other platforms (Finish Solaris support)
|
||||
|
||||
- Fix paths in manpages using autoconf
|
||||
- Port to other platforms
|
||||
|
||||
- Better testing on non-PAM systems
|
||||
|
||||
|
|
|
@ -53,3 +53,6 @@ These are generated because OpenSSH first tries to determine whether a
|
|||
user needs authentication to login (e.g. empty password). Unfortunatly
|
||||
PAM likes to log all authentication events, this one included.
|
||||
|
||||
If it annoys you too much, set "PermitEmptyPasswords no" in
|
||||
sshd_config. This will quiet the error message at the expense of
|
||||
disabling logins to accounts with no password set.
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#%PAM-1.0
|
||||
auth required /lib/security/pam_pwdb.so shadow nodelay
|
||||
auth required /lib/security/pam_pwdb.so shadow nodelay nullok
|
||||
auth required /lib/security/pam_nologin.so
|
||||
account required /lib/security/pam_pwdb.so
|
||||
password required /lib/security/pam_cracklib.so
|
||||
|
|
5
sshd.c
5
sshd.c
|
@ -11,7 +11,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$Id: sshd.c,v 1.43 1999/12/26 03:04:33 damien Exp $");
|
||||
RCSID("$Id: sshd.c,v 1.44 1999/12/26 23:45:54 damien Exp $");
|
||||
|
||||
#ifdef HAVE_POLL_H
|
||||
# include <poll.h>
|
||||
|
@ -242,6 +242,9 @@ int do_pam_auth(const char *user, const char *password)
|
|||
{
|
||||
int pam_retval;
|
||||
|
||||
if ((options.permit_empty_passwd == 0) && (password[0] == '\0')
|
||||
return 0;
|
||||
|
||||
pampasswd = password;
|
||||
|
||||
pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#%PAM-1.0
|
||||
auth required /lib/security/pam_unix.so shadow nodelay
|
||||
auth required /lib/security/pam_unix.so shadow nodelay nullok
|
||||
auth required /lib/security/pam_nologin.so
|
||||
account required /lib/security/pam_unix.so
|
||||
password required /lib/security/pam_cracklib.so
|
||||
|
|
Loading…
Reference in New Issue