- Fixed PAM config files to allow empty passwords if server does.
- Explained spurious PAM auth warning workaround in UPGRADING
- Removed credits from README to CREDITS file, updated.
- Added --with-default-path to specify custom path for server
- Removed #ifdef trickery from acconfig.h into defines.h
+ - PAM bugfix. PermitEmptyPassword was being ignored.
+ - Fixed PAM config files to allow empty passwords if server does.
+ - Explained spurious PAM auth warning workaround in UPGRADING
19991226
- Enabled utmpx support by default for Solaris
- Better documentation
-- Port to other platforms (Finish Solaris support)
-
-- Fix paths in manpages using autoconf
+- Port to other platforms
- Better testing on non-PAM systems
user needs authentication to login (e.g. empty password). Unfortunatly
PAM likes to log all authentication events, this one included.
+If it annoys you too much, set "PermitEmptyPasswords no" in
+sshd_config. This will quiet the error message at the expense of
+disabling logins to accounts with no password set.
#%PAM-1.0
-auth required /lib/security/pam_pwdb.so shadow nodelay
+auth required /lib/security/pam_pwdb.so shadow nodelay nullok
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
{
int pam_retval;
+ if ((options.permit_empty_passwd == 0) && (password[0] == '\0')
+ return 0;
+
pampasswd = password;
pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
#%PAM-1.0
-auth required /lib/security/pam_unix.so shadow nodelay
+auth required /lib/security/pam_unix.so shadow nodelay nullok
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so
andersk / openssh.git / commitdiff
