Hi, there is a big problem: users with empty passwords can log in. The user has no password in the shadow file ... He connects with PuTTY, writes his name at the prompt and presses Enter:

    login as: wparling
    Last login: Thu Nov 6 09:44:31 2003 from 10.128.77.18
    Verarbeite Gruppe(n) UNIXADM
    Lade Modul(e) basis rootstuff legato perl5.6.1 sybase-oc12 visualws6.2 tclx
    wparling@systemxx:/home/wparling $

We don't use agents or other things... The source is patched with Darren's password expired patch.

Frank

    ssh -V
    OpenSSH_3.7.1p2-pwexp24, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003
Created attachment 492: ssh_config
Created attachment 493: sshd_config
I can't replicate this unless I use PAM and the nullok option in my /etc/pam.d/sshd file. Are you using PAM?
Hello, we use PAM:

    Nov 6 09:44:57 zvadm6 sshd[17967]: Accepted keyboard-interactive/pam for wparling from 10.128.78.228 port 1419 ssh2

Under Solaris there is only a pam.conf; for ssh we don't make any entry. ssh works correctly when we put something as the password in /etc/shadow.

Frank
This is intended behaviour. When you have "UsePAM yes" all of the password-related code is bypassed entirely - all of the checks are purely up to the PAM modules. Either turn off PAM authentication or look to your PAM config. I'll mention that UsePAM can bypass PermitEmptyPasswords in the sshd_config file.
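An audit for the combination discussed in this thread, as an added example (not code from OpenSSH or from anyone in the thread): it reports accounts with an empty shadow password field when "UsePAM yes" hands the decision to PAM, and flags a nullok argument on PAM auth lines. The sample inputs are constructed, the function names are hypothetical, and the "no" defaults are an assumption that should be checked against the sshd build in use.

```python
# Constructed sample inputs (not taken from the reporter's attachments).
SSHD_CONFIG = "PermitEmptyPasswords no\nUsePAM yes\n"
PAM_TEXT = "# pam.d/sshd layout\nauth required pam_unix.so nullok\naccount required pam_unix.so\n"
SHADOW = "root:$6$constructed$hash:12345::::::\ndemo::12345::::::\nlocked:*LK*:12345::::::\n"

def sshd_option(config, name, default):
    """Effective value of an sshd_config keyword; the first occurrence wins."""
    for line in config.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0].lower() == name.lower():
            return parts[1].strip().lower()
    return default  # assumption: caller passes the default of the sshd build in use

def empty_password_users(shadow):
    """Accounts whose shadow password field (second colon field) is empty."""
    users = []
    for line in shadow.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] and fields[1] == "":
            users.append(fields[0])
    return users

def pam_nullok_lines(pam_text):
    """PAM auth lines carrying nullok, in pam.d or pam.conf column layout."""
    hits = []
    for line in pam_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        # pam.d: type is column 1; pam.conf: service is column 1, type column 2
        if "auth" in tokens[:2] and "nullok" in tokens:
            hits.append(line.strip())
    return hits

def audit(sshd_config, pam_text, shadow):
    """Return findings about empty-password accounts reachable through sshd."""
    users = empty_password_users(shadow)
    if not users:
        return []
    findings = []
    who = ", ".join(users)
    if sshd_option(sshd_config, "UsePAM", "no") == "yes":
        findings.append("UsePAM yes: PermitEmptyPasswords is not consulted, PAM decides for: " + who)
        for line in pam_nullok_lines(pam_text):
            findings.append("PAM auth line allows empty passwords: " + line)
    elif sshd_option(sshd_config, "PermitEmptyPasswords", "no") == "yes":
        findings.append("PermitEmptyPasswords yes: empty-password login allowed for: " + who)
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SSHD_CONFIG, PAM_TEXT, SHADOW)) or "no findings")
```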
Mass change of RESOLVED bugs to CLOSED