Lars
2003-May-07 03:46 UTC
3.6.1p2, Spurious PAM failure messages WITH "PermitEmptyPasswords no", and a (micro) fix
Hi, after installing 3.6.1p2 I noticed spurious PAM login failures even with PermitEmptyPasswords set to "no": sshd(pam_unix)[1740]: authentication failure; logname=XXX uid=0 euid=0 tty=NODEVssh ruser= rhost=localhost user=XXX After looking at the code I noticed the following in the portability p2 patch: +++ openssh-3.6.1p2/auth-passwd.c 2003-04-29 19:12:08.000000000 +1000 ... ... + +#if defined(USE_PAM) + return auth_pam_password(authctxt, password) && ok; +#elif defined(HAVE_OSF_SIA) ... ... That should really be + return ok && auth_pam_password(authctxt, password); (Note that ok is checked first, as I said in the subject its a trivial micro fix) I changed that and it works fine now. This should be integrated in the patch. -- Lars
Frank Cusack
2003-May-07 06:23 UTC
3.6.1p2, Spurious PAM failure messages WITH "PermitEmptyPasswords no", and a (micro) fix
On Tue, May 06, 2003 at 08:46:51PM -0700, Lars wrote:> Hi, > > after installing 3.6.1p2 I noticed spurious PAM login failures > even with PermitEmptyPasswords set to "no":...> That should really be > + return ok && auth_pam_password(authctxt, password); > > (Note that ok is checked first, as I said in the subject its a trivial > micro fix)No, that part of the code is correct as it stands. Take a look at the list archives, this was discussed just a few days back. /fc
Reasonably Related Threads
- [Bug 118] New: Implement TIS (protocol 1) via PAM
- OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + PasswordAuthentication no + PermitEmptyPasswords yes
- patch: disable credential forwarding after password auth.
- Patch for Digital Unix SIA authentication
- [PATCH]: Drop the use of `check_nt_auth'.