Bug 652 - PermitEmptyPasswords option silently ignored
Summary: PermitEmptyPasswords option silently ignored
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Build system
Version: 3.7.1p1
Hardware: All Solaris
Importance: P2 normal
Assignee: OpenSSH Bugzilla mailing list
Duplicates: 678
Reported: 2003-09-17 21:43 AEST by Stephen Usher
Modified: 2004-04-14 12:24 AEST

Attachments
Fix empty password auth (637 bytes, patch)
2003-09-18 18:19 AEST, Damien Miller

Description Stephen Usher 2003-09-17 21:43:36 AEST
Having upgraded to 3.7.1p1 from 3.6.1p2 using the following configure options:-

./configure --sysconfdir=/etc --with-rsh=/usr/ucb/rsh --with-xauth=/usr/openwin/bin/xauth --with-default-path=/bin:/usr/ucb:/usr/bin:/usr/local/bin --with-ipv4-default --with-ssl-dir=/usr/local/ssl

I've discovered that sshd silently ignores the PermitEmptyPasswords option in
the config file.

Researching further, it seems that the only place the option is referenced after
being set is in auth-passwd.c, line 70, where the password has already been
requested from the user.

Unfortunately, even if a user merely hits RETURN at the password prompt, (s)he is
given an authentication failure for an account without a password.

If the functionality for NULL passwords has been removed on purpose then this
should be noted in the documentation and the configuration option should be
removed. Otherwise, this bug should be fixed.
Comment 1 Hans Rakers 2003-09-18 00:50:53 AEST
I can confirm this problem on Slackware 8.0 as well. 3.7p1 compiled with
the following options:

CFLAGS="-O2 -march=i386 -mcpu=i686 -Wall" ./configure --prefix=/usr --sysconfdir=/etc/ssh --without-pam --with-md5-passwords --with-tcp-wrappers --with-default-path=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin --with-ipv4-default --with-privsep-path=/var/empty --with-privsep-user=sshd i386-slackware-linux

PasswordAuthentication yes
PermitEmptyPasswords yes

User with empty password keeps getting password prompt.

To fix the problem I temporarily reverted back to 3.6.1p2 with patch from
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=106378044112153&w=2

Will gather some more debug info later.
Comment 2 Damien Miller 2003-09-18 18:19:35 AEST
Created attachment 424
Fix empty password auth

It's a bug. Try this attached patch or wait for the next portable release.
Comment 3 Damien Miller 2003-09-18 21:32:37 AEST
*** Bug 678 has been marked as a duplicate of this bug. ***
Comment 4 Damien Miller 2004-04-14 12:24:19 AEST
Mass change of RESOLVED bugs to CLOSED
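
Added example (not part of the bug report or of OpenSSH): a check an administrator could run before moving between the versions discussed above, listing the accounts that depend on the two settings quoted in Comment 1. The function names and the sample data are constructed for illustration; it assumes shadow-format password records and reads only the global section of sshd_config.

```python
# Added example; sample inputs are constructed, not taken from the bug report.
DEFAULTS = {"passwordauthentication": "yes", "permitemptypasswords": "no"}

SAMPLE_CONFIG = """\
# constructed sample sshd_config
PasswordAuthentication yes
PermitEmptyPasswords yes
permitemptypasswords no
"""

SAMPLE_SHADOW = """\
root:$1$constructed$hash:12000:0:99999:7:::
kiosk::12000:0:99999:7:::
sshd:*:12000:0:99999:7:::
"""

def effective_options(config_text):
    """Global sshd_config values; sshd keeps the first value seen per keyword."""
    opts = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key value" or "Key=value"
        if len(parts) < 2:
            continue
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":      # conditional blocks are out of scope here
            break
        opts.setdefault(key, parts[1].strip().strip('"').lower())
    return opts

def empty_password_accounts(shadow_text):
    """Account names whose password field (second colon field) is empty."""
    names = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] and fields[1] == "":
            names.append(fields[0])
    return names

def accounts_relying_on_empty_passwords(config_text, shadow_text):
    """Accounts that log in only because both options are set to yes."""
    opts = {**DEFAULTS, **effective_options(config_text)}
    if opts["passwordauthentication"] != "yes" or opts["permitemptypasswords"] != "yes":
        return []
    return empty_password_accounts(shadow_text)

if __name__ == "__main__":
    print(accounts_relying_on_empty_passwords(SAMPLE_CONFIG, SAMPLE_SHADOW))
```

Any account it reports is one whose logins would be affected by the behaviour described in this bug.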