Date: Thu, 27 Jun 2002 02:45:23 +0100 (BST) From: Richard Tobin <richard@cogsci.ed.ac.uk> To: Richard Tobin <richard@cogsci.ed.ac.uk>, questions@FreeBSD.ORG Subject: Re: ssh question Message-ID: <200206270145.CAA19739@rhymer.cogsci.ed.ac.uk> In-Reply-To: Richard Tobin's message of Thu, 27 Jun 2002 00:51:38 %2B0100 (BST)
next in thread | raw e-mail | index | archive | help
I wrote: > While checking my ssh configuration, I was shocked to discover that I > could log in to accounts with no password set by giving any non-empty > password. What have I got misconfigured for this to happen? It appears to be PAM that is doing this, rather than ssh itself. The code in auth-passwd.c wouldn't allow it. PermitEmptyPasswords makes ssh reject empty passwords typed by the user, but non-empty ones get passed to PAM which accepts any password for a passwordless account. -- Richard To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206270145.CAA19739>