Bug 713

Summary: PAM and "PermitRootLogin without-password" still allows root password login
Product: Portable OpenSSH
Reporter: Ian Donaldson <iand>
Component: PAM support
Assignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED DUPLICATE    
Severity: major    
Priority: P2    
Version: -current   
Hardware: All   
OS: Solaris   

Description Ian Donaldson 2003-09-24 21:42:33 AEST
With 3.7.1p1 and 3.7.1p2 (at least) on Solaris 7, 8 (at least), enabling UsePAM
with "PermitRootLogin without-password" still allows root logins with password
authentication.  (compiled --with-pam)

Disabling UsePAM works to restore expected behaviour; i.e., password authentication
fails as it should, which is my workaround, but I want to use PAM in the
future.

Comment 1 Damien Miller 2003-09-24 22:01:32 AEST
When you use PAM you are not using password authentication anymore. You should
control root auth in PAM using the pam_rootok or pam_listfile modules.

Perhaps we need a README.PAM file...
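
An added example, not part of the bug report or of OpenSSH: a shell check that flags the configuration combination described above so the root restriction can be reviewed in PAM. The function names and the sample config are constructed for illustration; the script assumes sshd's first-occurrence-wins keyword handling and ignores Match and Include.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the combination reported here,
# UsePAM yes together with PermitRootLogin without-password.
# Assumptions: sshd honours the first occurrence of a keyword, keywords are
# case-insensitive, and Match/Include directives are not handled.

# effective_value FILE KEYWORD DEFAULT -> first value set for KEYWORD
effective_value() {
    awk -v kw="$2" -v def="$3" '
        /^[ \t]*#/ { next }                      # skip commented-out lines
        tolower($1) == tolower(kw) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_root_pam FILE -> returns 1 when the reported combination is present
audit_root_pam() {
    pam=$(effective_value "$1" UsePAM unset)
    root=$(effective_value "$1" PermitRootLogin unset)
    if [ "$pam" = yes ] && [ "$root" = without-password ]; then
        echo "REVIEW: UsePAM=yes with PermitRootLogin=without-password;" \
             "restrict root password logins in the PAM stack or set UsePAM no"
        return 1
    fi
    echo "OK: UsePAM=$pam PermitRootLogin=$root"
}

# Constructed sample config (not taken from the bug report). The later
# "PermitRootLogin no" is ignored because the first occurrence wins.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
# constructed sample
usepam yes
PermitRootLogin without-password
PermitRootLogin no
EOF
audit_root_pam "$demo_cfg" || true
```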

Comment 2 Darren Tucker 2004-03-30 12:00:54 AEST
*** This bug has been marked as a duplicate of 701 ***

Comment 3 Damien Miller 2004-04-14 12:24:19 AEST
Mass change of RESOLVED bugs to CLOSED