diff options
-rw-r--r-- | auth-pam.c | 4 | ||||
-rw-r--r-- | debian/changelog | 3 |
2 files changed, 6 insertions, 1 deletions
diff --git a/auth-pam.c b/auth-pam.c index ec3b74951..9be57dacd 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -645,7 +645,9 @@ sshpam_respond(void *ctx, u_int num, char **resp) | |||
645 | return (-1); | 645 | return (-1); |
646 | } | 646 | } |
647 | buffer_init(&buffer); | 647 | buffer_init(&buffer); |
648 | if (sshpam_authctxt->valid) | 648 | if (sshpam_authctxt->valid && |
649 | (sshpam_authctxt->pw->pw_uid != 0 || | ||
650 | options.permit_root_login == PERMIT_YES)) | ||
649 | buffer_put_cstring(&buffer, *resp); | 651 | buffer_put_cstring(&buffer, *resp); |
650 | else | 652 | else |
651 | buffer_put_cstring(&buffer, badpw); | 653 | buffer_put_cstring(&buffer, badpw); |
diff --git a/debian/changelog b/debian/changelog index 8693c48ef..ba873c472 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -3,6 +3,9 @@ openssh (1:3.8.1p1-8.sarge.4) UNRELEASED; urgency=high | |||
3 | * Fix timing information leak allowing discovery of invalid usernames in | 3 | * Fix timing information leak allowing discovery of invalid usernames in |
4 | PAM keyboard-interactive authentication (backported from a patch by | 4 | PAM keyboard-interactive authentication (backported from a patch by |
5 | Darren Tucker; closes: #281595). | 5 | Darren Tucker; closes: #281595). |
6 | * Make sure that there's a delay in PAM keyboard-interactive | ||
7 | authentication when PermitRootLogin is not set to yes and the correct | ||
8 | root password is entered (closes: #248747). | ||
6 | 9 | ||
7 | -- Colin Watson <cjwatson@debian.org> Sun, 28 Nov 2004 12:12:55 +0000 | 10 | -- Colin Watson <cjwatson@debian.org> Sun, 28 Nov 2004 12:12:55 +0000 |
8 | 11 | ||