bugzilla-daemon at mindrot.org
2003-Nov-06 08:45 UTC
[Bug 755] PermitEmptyPasswords ignored
bugzilla.mindrot.org/show_bug.cgi?id=755 Summary: PermitEmptyPasswords ignored Product: Portable OpenSSH Version: -current Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: critical Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: Frank.Beckmann at vodafone.com Hi there ist a big Problem, user with empty Passwords can Login. The User has no Password in the shadow file ... He makes a connect with Putty, write his name in the prompt and Press enter login as: wparling Last login: Thu Nov 6 09:44:31 2003 from 10.128.77.18 Verarbeite Gruppe(n) UNIXADM Lade Modul(e) basis rootstuff legato perl5.6.1 sybase-oc12 visualws6.2 tclx wparling at systemxx:/home/wparling $ We dont use agents, or other things... The Source is patched with Darrens password expired patch. Frank ssh -V OpenSSH_3.7.1p2-pwexp24, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Nov-06 08:48 UTC
[Bug 755] PermitEmptyPasswords ignored
bugzilla.mindrot.org/show_bug.cgi?id=755 ------- Additional Comments From Frank.Beckmann at vodafone.com 2003-11-06 01:48 ------- Created an attachment (id=492) --> (bugzilla.mindrot.org/attachment.cgi?id=492&action=view) ssh_config ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Nov-06 08:49 UTC
[Bug 755] PermitEmptyPasswords ignored
bugzilla.mindrot.org/show_bug.cgi?id=755 ------- Additional Comments From Frank.Beckmann at vodafone.com 2003-11-06 01:49 ------- Created an attachment (id=493) --> (bugzilla.mindrot.org/attachment.cgi?id=493&action=view) sshd_config ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Nov-06 09:05 UTC
[Bug 755] PermitEmptyPasswords ignored
bugzilla.mindrot.org/show_bug.cgi?id=755 ------- Additional Comments From djm at mindrot.org 2003-11-06 02:05 ------- I can't replicate this unless I use PAM and the nullok option in my /etc/pam.d/sshd file. Are you using PAM? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Nov-06 09:13 UTC
[Bug 755] PermitEmptyPasswords ignored
bugzilla.mindrot.org/show_bug.cgi?id=755 ------- Additional Comments From Frank.Beckmann at vodafone.com 2003-11-06 02:13 ------- Hallo we Use PAM Nov 6 09:44:57 zvadm6 sshd[17967]: Accepted keyboard-interactive/pam for wparling from 10.128.78.228 port 1419 ssh2 under solaris there is only an pam.conf, for ssh we dont make any entry. The ssh works correct when we put something as pass in the /etc/shadow Frank ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Nov-06 09:26 UTC
[Bug 755] PermitEmptyPasswords ignored
bugzilla.mindrot.org/show_bug.cgi?id=755 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Additional Comments From djm at mindrot.org 2003-11-06 02:26 ------- This is intended behaviour. When you have "UsePAM yes" all of the password-related code is bypassed entirely - all of the checks are purely up to the PAM modules. Either turn off PAM authentication or look to your PAM config. I'll mention that UsePAM can bypass PermitEmptyPasswords in the sshd_config file. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Apparently Analagous Threads
- Processed: switching email address
- 3.6.1p2, Spurious PAM failure messages WITH "PermitEmptyPasswords no", and a (micro) fix
- OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + PasswordAuthentication no + PermitEmptyPasswords yes (followup)
- Bug #652 and PermitEmptyPasswords
- PAM overrides PermitEmptyPasswords