Date: Wed, 07 May 2008 01:23:38 -0400 From: "T." <freebsd-questions@lists.goldenpath.org> To: infofarmer@FreeBSD.org Cc: freebsd-questions@freebsd.org Subject: Re: sshd on FreeBSD default allows blank passwords? Message-ID: <48213CDA.6080305@lists.goldenpath.org> In-Reply-To: <20080506200510.GU92161@amilo.cenkes.org> References: <4820A2E3.9030500@lists.goldenpath.org> <20080506200510.GU92161@amilo.cenkes.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Andrew Pantyukhin wrote: > On Tue, May 06, 2008 at 02:26:43PM -0400, T. wrote: > >> I didn't realize this before, but it came to my attention when >> debugging PAM problems. Actually, sshd default does not allow >> it, but another default is in enabling PAM. It's passing power >> over to PAM which is allowing it. >> >> I didn't see another way immediately available to fix it, so I >> disabled PAM in sshd. Works as expected now. >> >> Is there a PAM solution for this? >> >> Is this intended to be the default behavior? >> > > Now that you mention it, I also was under impression that the > reverse should be default. I'm no pam expert, but I thought > "nullok" was required in /etc/pam.d/sshd next to pam_unix in > order for empty passwords to work. But there's no "nullok" there > by default and empty passwords still work. Disturbing. > Tested on my 5.5 box. Same thing there. Have been taking this for granted for a long time. Ooops.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48213CDA.6080305>