Bug 713 - PAM and "PermitRootLogin without-password" still allows root password login
Summary: PAM and "PermitRootLogin without-password" still allows root password login
Status: CLOSED DUPLICATE of bug 701
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: PAM support (show other bugs)
Version: -current
Hardware: All Solaris
: P2 major
Assignee: OpenSSH Bugzilla mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-09-24 21:42 AEST by Ian Donaldson
Modified: 2004-04-14 12:24 AEST (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ian Donaldson 2003-09-24 21:42:33 AEST 
With 3.7.1p1 and 3.7.1p2 (at least) on Solaris 7, 8 (at least), enabling UsePAM
with "PermitRootLogin without-password" still allows root logins with password
authentication.  (compiled --with-pam)

Disabling UsePAM works to restore expected behaviour; ie: password authentication
fails as it should, which is my workaround, but I want to use PAM in the
future.
Comment 1 Damien Miller 2003-09-24 22:01:32 AEST 
When you use PAM you are not using password authentication anymore. You should
control root auth in PAM using the pam_rootok or pam_listfile modules.

perhaps we need a README.PAM file...
Comment 2 Darren Tucker 2004-03-30 12:00:54 AEST 

*** This bug has been marked as a duplicate of 701 ***
Comment 3 Damien Miller 2004-04-14 12:24:19 AEST 
Mass change of RESOLVED bugs to CLOSED