diff options
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | TODO | 4 | ||||
-rw-r--r-- | UPGRADING | 3 | ||||
-rw-r--r-- | packages/redhat/sshd.pam | 2 | ||||
-rw-r--r-- | sshd.c | 5 | ||||
-rw-r--r-- | sshd.pam.generic | 2 |
6 files changed, 13 insertions, 6 deletions
@@ -4,6 +4,9 @@ | |||
4 | - Removed credits from README to CREDITS file, updated. | 4 | - Removed credits from README to CREDITS file, updated. |
5 | - Added --with-default-path to specify custom path for server | 5 | - Added --with-default-path to specify custom path for server |
6 | - Removed #ifdef trickery from acconfig.h into defines.h | 6 | - Removed #ifdef trickery from acconfig.h into defines.h |
7 | - PAM bugfix. PermitEmptyPassword was being ignored. | ||
8 | - Fixed PAM config files to allow empty passwords if server does. | ||
9 | - Explained spurious PAM auth warning workaround in UPGRADING | ||
7 | 10 | ||
8 | 19991226 | 11 | 19991226 |
9 | - Enabled utmpx support by default for Solaris | 12 | - Enabled utmpx support by default for Solaris |
@@ -4,9 +4,7 @@ | |||
4 | 4 | ||
5 | - Better documentation | 5 | - Better documentation |
6 | 6 | ||
7 | - Port to other platforms (Finish Solaris support) | 7 | - Port to other platforms |
8 | |||
9 | - Fix paths in manpages using autoconf | ||
10 | 8 | ||
11 | - Better testing on non-PAM systems | 9 | - Better testing on non-PAM systems |
12 | 10 | ||
@@ -53,3 +53,6 @@ These are generated because OpenSSH first tries to determine whether a | |||
53 | user needs authentication to login (e.g. empty password). Unfortunatly | 53 | user needs authentication to login (e.g. empty password). Unfortunatly |
54 | PAM likes to log all authentication events, this one included. | 54 | PAM likes to log all authentication events, this one included. |
55 | 55 | ||
56 | If it annoys you too much, set "PermitEmptyPasswords no" in | ||
57 | sshd_config. This will quiet the error message at the expense of | ||
58 | disabling logins to accounts with no password set. | ||
diff --git a/packages/redhat/sshd.pam b/packages/redhat/sshd.pam index 26dcb34d9..9ec42469e 100644 --- a/packages/redhat/sshd.pam +++ b/packages/redhat/sshd.pam | |||
@@ -1,5 +1,5 @@ | |||
1 | #%PAM-1.0 | 1 | #%PAM-1.0 |
2 | auth required /lib/security/pam_pwdb.so shadow nodelay | 2 | auth required /lib/security/pam_pwdb.so shadow nodelay nullok |
3 | auth required /lib/security/pam_nologin.so | 3 | auth required /lib/security/pam_nologin.so |
4 | account required /lib/security/pam_pwdb.so | 4 | account required /lib/security/pam_pwdb.so |
5 | password required /lib/security/pam_cracklib.so | 5 | password required /lib/security/pam_cracklib.so |
@@ -11,7 +11,7 @@ | |||
11 | */ | 11 | */ |
12 | 12 | ||
13 | #include "includes.h" | 13 | #include "includes.h" |
14 | RCSID("$Id: sshd.c,v 1.43 1999/12/26 03:04:33 damien Exp $"); | 14 | RCSID("$Id: sshd.c,v 1.44 1999/12/26 23:45:54 damien Exp $"); |
15 | 15 | ||
16 | #ifdef HAVE_POLL_H | 16 | #ifdef HAVE_POLL_H |
17 | # include <poll.h> | 17 | # include <poll.h> |
@@ -242,6 +242,9 @@ int do_pam_auth(const char *user, const char *password) | |||
242 | { | 242 | { |
243 | int pam_retval; | 243 | int pam_retval; |
244 | 244 | ||
245 | if ((options.permit_empty_passwd == 0) && (password[0] == '\0') | ||
246 | return 0; | ||
247 | |||
245 | pampasswd = password; | 248 | pampasswd = password; |
246 | 249 | ||
247 | pam_retval = pam_authenticate((pam_handle_t *)pamh, 0); | 250 | pam_retval = pam_authenticate((pam_handle_t *)pamh, 0); |
diff --git a/sshd.pam.generic b/sshd.pam.generic index cf5af3024..11e620dea 100644 --- a/sshd.pam.generic +++ b/sshd.pam.generic | |||
@@ -1,5 +1,5 @@ | |||
1 | #%PAM-1.0 | 1 | #%PAM-1.0 |
2 | auth required /lib/security/pam_unix.so shadow nodelay | 2 | auth required /lib/security/pam_unix.so shadow nodelay nullok |
3 | auth required /lib/security/pam_nologin.so | 3 | auth required /lib/security/pam_nologin.so |
4 | account required /lib/security/pam_unix.so | 4 | account required /lib/security/pam_unix.so |
5 | password required /lib/security/pam_cracklib.so | 5 | password required /lib/security/pam_cracklib.so |