tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-31 01:35:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

- PAM bugfix. PermitEmptyPassword was being ignored.

Browse Source 
- Fixed PAM config files to allow empty passwords if server does.
 - Explained spurious PAM auth warning workaround in UPGRADING
This commit is contained in:
Damien Miller 1999-12-27 10:45:54 +11:00
parent 5a3e68382d
commit 373d2917a8
6 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@ -4,6 +4,9 @@
- Removed credits from README to CREDITS file, updated. - Removed credits from README to CREDITS file, updated.
- Added --with-default-path to specify custom path for server - Added --with-default-path to specify custom path for server
- Removed #ifdef trickery from acconfig.h into defines.h - Removed #ifdef trickery from acconfig.h into defines.h
- PAM bugfix. PermitEmptyPassword was being ignored.
- Fixed PAM config files to allow empty passwords if server does.
- Explained spurious PAM auth warning workaround in UPGRADING
19991226 19991226
- Enabled utmpx support by default for Solaris - Enabled utmpx support by default for Solaris

4
TODO
View File

@ -4,9 +4,7 @@
- Better documentation - Better documentation
- Port to other platforms (Finish Solaris support) - Port to other platforms
- Fix paths in manpages using autoconf
- Better testing on non-PAM systems - Better testing on non-PAM systems

3
UPGRADING
View File

@ -53,3 +53,6 @@ These are generated because OpenSSH first tries to determine whether a
user needs authentication to login (e.g. empty password). Unfortunatly user needs authentication to login (e.g. empty password). Unfortunatly
PAM likes to log all authentication events, this one included. PAM likes to log all authentication events, this one included.
If it annoys you too much, set "PermitEmptyPasswords no" in
sshd_config. This will quiet the error message at the expense of
disabling logins to accounts with no password set.

2
packages/redhat/sshd.pam
View File

@ -1,5 +1,5 @@
#%PAM-1.0 #%PAM-1.0
auth required /lib/security/pam_pwdb.so shadow nodelay auth required /lib/security/pam_pwdb.so shadow nodelay nullok
auth required /lib/security/pam_nologin.so auth required /lib/security/pam_nologin.so
account required /lib/security/pam_pwdb.so account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so password required /lib/security/pam_cracklib.so

5
sshd.c
View File

@ -11,7 +11,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: sshd.c,v 1.43 1999/12/26 03:04:33 damien Exp $"); RCSID("$Id: sshd.c,v 1.44 1999/12/26 23:45:54 damien Exp $");
#ifdef HAVE_POLL_H #ifdef HAVE_POLL_H
# include <poll.h> # include <poll.h>
@ -242,6 +242,9 @@ int do_pam_auth(const char *user, const char *password)
{ {
int pam_retval; int pam_retval;
if ((options.permit_empty_passwd == 0) && (password[0] == '\0')
return 0;
pampasswd = password; pampasswd = password;
pam_retval = pam_authenticate((pam_handle_t *)pamh, 0); pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);

2
sshd.pam.generic
View File

@ -1,5 +1,5 @@
#%PAM-1.0 #%PAM-1.0
auth required /lib/security/pam_unix.so shadow nodelay auth required /lib/security/pam_unix.so shadow nodelay nullok
auth required /lib/security/pam_nologin.so auth required /lib/security/pam_nologin.so
account required /lib/security/pam_unix.so account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so password required /lib/security/pam_cracklib.so