bugzilla-daemon at mindrot.org
2003-Sep-17 11:43 UTC
[Bug 652] PermitEmptyPasswords option silently ignored
http://bugzilla.mindrot.org/show_bug.cgi?id=652 Summary: PermitEmptyPasswords option silently ignored Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: steve at earth.ox.ac.uk Having upgraded to 3.7.1p1 from 3.6.1p2 using the following configure options:- ./configure --sysconfdir=/etc --with-rsh=/usr/ucb/rsh --with-xauth=/usr/openwin/ bin/xauth --with-default-path=/bin:/usr/ucb:/usr/bin:/usr/local/bin --with-ipv4- default --with-ssl-dir=/usr/local/ssl I've discovered that sshd silently ignores the PermitEmptyPasswords option in the config file. Researching further, it seems that the only place the option is referenced after being set in auth-passwd.c, line 70 where the password has already been requested from the user. Unfortunately, even if a user merely hits RETURN at the passowrd prompt (s)he is given the authentication fails for an account without a password. If the functionality for NULL passwords has been removed on purpose then this should be noted in the documentation and the configuration option should be removed. Otherwise, this bug shold be fixed. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-17 14:50 UTC
[Bug 652] PermitEmptyPasswords option silently ignored
http://bugzilla.mindrot.org/show_bug.cgi?id=652 hans at parse.nl changed: What |Removed |Added ---------------------------------------------------------------------------- Component|sshd |Build system ------- Additional Comments From hans at parse.nl 2003-09-18 00:50 ------- I can confirm this problem on Slackware 8.0 aswell. 3.7p1 compiled with following options: CFLAGS="-O2 -march=i386 -mcpu=i686 -Wall" ./configure --prefix=/usr --sysconfdir=/etc/ssh --without-pam --with-md5-passwords --with-tcp-wrappers --with-default-path=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin --with-ipv4-default --with-privsep-path=/var/empty --with-privsep-user=sshd i386-slackware-linux PasswordAuthentication yes PermitEmptyPasswords yes user with empty password keeps getting password prompt. To fix the problem i temporarily reverted back to 3.6.1p2 with patch from http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=106378044112153&w=2 will gather some more debug info later ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-18 08:19 UTC
[Bug 652] PermitEmptyPasswords option silently ignored
http://bugzilla.mindrot.org/show_bug.cgi?id=652 ------- Additional Comments From djm at mindrot.org 2003-09-18 18:19 ------- Created an attachment (id=424) --> (http://bugzilla.mindrot.org/attachment.cgi?id=424&action=view) Fix empty password auth Its a bug. Try this attached patch or wait for the next portable release. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-18 08:25 UTC
[Bug 652] PermitEmptyPasswords option silently ignored
http://bugzilla.mindrot.org/show_bug.cgi?id=652 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-18 11:32 UTC
[Bug 652] PermitEmptyPasswords option silently ignored
http://bugzilla.mindrot.org/show_bug.cgi?id=652 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cj10 at cam.ac.uk ------- Additional Comments From djm at mindrot.org 2003-09-18 21:32 ------- *** Bug 678 has been marked as a duplicate of this bug. *** ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Maybe Matching Threads
- Bug #652 and PermitEmptyPasswords
- possible bug + patch : OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + P asswordAuthentication no + PermitEmptyPasswords yes
- [Bug 755] PermitEmptyPasswords ignored
- OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + PasswordAuthentication no + PermitEmptyPasswords yes (followup)
- OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + PasswordAuthenticatio n no + PermitEmptyPasswords yes