Date: Sat, 28 Apr 2001 11:02:49 +0200 From: Mark Murray <mark@grondar.za> To: Bruce Evans <bde@zeta.org.au> Cc: current@FreeBSD.org Subject: Re: PAMmed su still broken for passwordless accounts Message-ID: <200104280901.f3S91Fp11808@gratis.grondar.za> In-Reply-To: <Pine.BSF.4.21.0104280835510.5768-100000@besplex.bde.org> ; from Bruce Evans <bde@zeta.org.au> "Sat, 28 Apr 2001 08:39:49 %2B1000." References: <Pine.BSF.4.21.0104280835510.5768-100000@besplex.bde.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> > 1) su on passwordless accounts. > > (a) `su <passwordless>' now bogusly prompts for a password. It lets > > you in if you type an empty password. > > (b) `echo somecommand | su <passwordless>' now bogusly prompts for > > a password. su doesn't find a password, and exits without printing > > anything or running `somecommand'. I use the latter form a lot. Feature, not bug. PAM has been told to use "unix" authentication. You can override this by setting su auth required pam_permit.so instead of su auth required pam_unix.so try_first_pass in /etc/pam.conf. For situations where some accounts have passwords and some don't, play with the third word - "required" may become "sufficient" etc. > (2) static linkage of rshd. Previously, only static linkage of many other > > commands that are linked to libpam was broken (ftpd was one). Those patches of yours look reasonable. M -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104280901.f3S91Fp11808>