Bug 755

Summary: PermitEmptyPasswords ignored
Product: Portable OpenSSH Reporter: Frank Beckmann <Frank.Beckmann>
Component: sshdAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED WONTFIX    
Severity: critical    
Priority: P2    
Version: -current   
Hardware: UltraSPARC   
OS: Solaris   
Attachments:
Description Flags
ssh_config
none
sshd_config none

Description Frank Beckmann 2003-11-06 01:45:36 AEDT 
Hi

there ist a big Problem, user with empty Passwords can Login.
The User has no Password in the shadow file ...

He makes a connect with Putty, write his name in the prompt and Press enter
login as: wparling
Last login: Thu Nov  6 09:44:31 2003 from 10.128.77.18

Verarbeite Gruppe(n) UNIXADM
Lade Modul(e) basis rootstuff legato perl5.6.1 sybase-oc12 visualws6.2 tclx
wparling@systemxx:/home/wparling $

We dont use agents, or other things...

The Source is patched with Darrens password expired patch.

Frank

ssh -V
OpenSSH_3.7.1p2-pwexp24, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003
Comment 1 Frank Beckmann 2003-11-06 01:48:15 AEDT 
Created attachment 492 [details]
ssh_config
Comment 2 Frank Beckmann 2003-11-06 01:49:09 AEDT 
Created attachment 493 [details]
sshd_config
Comment 3 Damien Miller 2003-11-06 02:05:43 AEDT 
I can't replicate this unless I use PAM and the nullok option in my
/etc/pam.d/sshd file.

Are you using PAM?
Comment 4 Frank Beckmann 2003-11-06 02:13:51 AEDT 
Hallo we Use PAM

Nov  6 09:44:57 zvadm6 sshd[17967]: Accepted keyboard-interactive/pam for 
wparling from 10.128.78.228 port 1419 ssh2

under solaris there is only an pam.conf, for ssh we dont make any entry.

The ssh works correct when we put something as pass in the /etc/shadow

Frank
Comment 5 Damien Miller 2003-11-06 02:26:20 AEDT 
This is intended behaviour.

When you have "UsePAM yes" all of the password-related code is bypassed entirely
- all of the checks are purely up to the PAM modules. Either turn off PAM
authentication or look to your PAM config.

I'll mention that UsePAM can bypass PermitEmptyPasswords in the sshd_config file.
Comment 6 Damien Miller 2004-04-14 12:24:20 AEST 
Mass change of RESOLVED bugs to CLOSED