-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | TODO | 4 | ||||
-rw-r--r-- | UPGRADING | 3 | ||||
-rw-r--r-- | packages/redhat/sshd.pam | 2 | ||||
-rw-r--r-- | sshd.c | 5 | ||||
-rw-r--r-- | sshd.pam.generic | 2 |
6 files changed, 13 insertions, 6 deletions
@@ -4,6 +4,9 @@ - Removed credits from README to CREDITS file, updated. - Added --with-default-path to specify custom path for server - Removed #ifdef trickery from acconfig.h into defines.h + - PAM bugfix. PermitEmptyPassword was being ignored. + - Fixed PAM config files to allow empty passwords if server does. + - Explained spurious PAM auth warning workaround in UPGRADING 19991226 - Enabled utmpx support by default for Solaris @@ -4,9 +4,7 @@ - Better documentation -- Port to other platforms (Finish Solaris support) - -- Fix paths in manpages using autoconf +- Port to other platforms - Better testing on non-PAM systems @@ -53,3 +53,6 @@ These are generated because OpenSSH first tries to determine whether a user needs authentication to login (e.g. empty password). Unfortunatly PAM likes to log all authentication events, this one included. +If it annoys you too much, set "PermitEmptyPasswords no" in +sshd_config. This will quiet the error message at the expense of +disabling logins to accounts with no password set. diff --git a/packages/redhat/sshd.pam b/packages/redhat/sshd.pam index 26dcb34d..9ec42469 100644 --- a/packages/redhat/sshd.pam +++ b/packages/redhat/sshd.pam @@ -1,5 +1,5 @@ #%PAM-1.0 -auth required /lib/security/pam_pwdb.so shadow nodelay +auth required /lib/security/pam_pwdb.so shadow nodelay nullok auth required /lib/security/pam_nologin.so account required /lib/security/pam_pwdb.so password required /lib/security/pam_cracklib.so @@ -11,7 +11,7 @@ */ #include "includes.h" -RCSID("$Id: sshd.c,v 1.43 1999/12/26 03:04:33 damien Exp $"); +RCSID("$Id: sshd.c,v 1.44 1999/12/26 23:45:54 damien Exp $"); #ifdef HAVE_POLL_H # include <poll.h> @@ -242,6 +242,9 @@ int do_pam_auth(const char *user, const char *password) { int pam_retval; + if ((options.permit_empty_passwd == 0) && (password[0] == '\0') + return 0; + pampasswd = password; pam_retval = pam_authenticate((pam_handle_t *)pamh, 0); 
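Review bot: Adding `nullok` to the `auth` line of packages/redhat/sshd.pam (and identically in sshd.pam.generic) means the PAM stack no longer rejects empty passwords for sshd. The only remaining gate is then the PermitEmptyPasswords check this commit adds to do_pam_auth. Neither file records that dependency, so an administrator who copies the PAM file, or pairs it with an sshd that lacks the check, has no hint that password-less accounts become reachable. I would add a comment above the changed line in both files, e.g. `# nullok: empty passwords are allowed by PAM here; sshd enforces PermitEmptyPasswords from sshd_config`. UPGRADING would also benefit from one sentence saying that existing installs must add `nullok` themselves if they want empty-password logins.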
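Review bot: The guard added to do_pam_auth is missing a closing parenthesis as shown on this page: `if ((options.permit_empty_passwd == 0) && (password[0] == '\0')` opens `if (` and never closes it. It should read `if (options.permit_empty_passwd == 0 && password[0] == '\0')` before the `return 0;`. The test also dereferences `password` without a NULL check; the callers are outside the hunk, so confirm none can pass NULL, or write `password == NULL || password[0] == '\0'`. Because the PAM files in this commit now carry `nullok`, this branch appears to be the only thing enforcing `PermitEmptyPasswords no` on the PAM path. A short comment saying so would help, e.g. `/* deny empty passwords unless PermitEmptyPasswords is set; PAM (nullok) will not */`. The body of do_pam_auth continues past the end of the hunk.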
diff --git a/sshd.pam.generic b/sshd.pam.generic
index cf5af302..11e620de 100644
--- a/sshd.pam.generic
+++ b/sshd.pam.generic
@@ -1,5 +1,5 @@
 #%PAM-1.0
-auth required /lib/security/pam_unix.so shadow nodelay
+auth required /lib/security/pam_unix.so shadow nodelay nullok
 auth required /lib/security/pam_nologin.so
 account required /lib/security/pam_unix.so
 password required /lib/security/pam_cracklib.so |