Date: Sat, 28 Apr 2001 08:39:49 +1000 (EST) From: Bruce Evans <bde@zeta.org.au> To: Mark Murray <markm@FreeBSD.org> Cc: current@FreeBSD.org Subject: PAMmed su still broken for passwordless accounts Message-ID: <Pine.BSF.4.21.0104280835510.5768-100000@besplex.bde.org> In-Reply-To: <Pine.BSF.4.21.0103282207550.25660-100000@besplex.bde.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 28 Mar 2001, Bruce Evans wrote: > > markm 2001/03/27 11:40:51 PST > > > > Modified files: > > etc pam.conf > > libexec/rshd Makefile rshd.8 rshd.c > > libexec/ftpd Makefile ftpd.c > > usr.bin/login Makefile login.1 login.c > > usr.bin/su Makefile su.1 su.c > > Log: > > Add full PAM support for account management and sessions. > > > > The PAM_FAIL_CHECK and PAM_END macros in su.c came from the util-linux > > package's PAM patches to the BSD login.c > > > > Submitted by: "David J. MacKenzie" <djm@web.us.uu.net> > > This breaks: > > 1) su on passwordless accounts. > (a) `su <passwordless>' now bogusly prompts for a password. It lets > you in if you type an empty password. > (b) `echo somecommand | su <passwordless>' now bogusly prompts for > a password. su doesn't find a password, and exits without printing > anything or running `somecommand'. I use the latter form a lot. > (2) static linkage of rshd. Previously, only static linkage of many other > commands that are linked to libpam was broken (ftpd was one). > > Bruce I use the quick fix of removing -DPAM from su/Makefile. Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0104280835510.5768-100000>