From owner-freebsd-current Sat Apr 28 2: 1:41 2001 Delivered-To: freebsd-current@freebsd.org Received: from gratis.grondar.za (grouter.grondar.za [196.7.18.65]) by hub.freebsd.org (Postfix) with ESMTP id 59A8D37B424 for ; Sat, 28 Apr 2001 02:01:34 -0700 (PDT) (envelope-from mark@grondar.za) Received: from grondar.za (gratis.grondar.za [196.7.18.133]) by gratis.grondar.za (8.11.3/8.11.3) with ESMTP id f3S91Fp11808; Sat, 28 Apr 2001 11:01:20 +0200 (SAST) (envelope-from mark@grondar.za) Message-Id: <200104280901.f3S91Fp11808@gratis.grondar.za> To: Bruce Evans Cc: current@FreeBSD.org Subject: Re: PAMmed su still broken for passwordless accounts References: In-Reply-To: ; from Bruce Evans "Sat, 28 Apr 2001 08:39:49 +1000." Date: Sat, 28 Apr 2001 11:02:49 +0200 From: Mark Murray Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > > 1) su on passwordless accounts. > > (a) `su ' now bogusly prompts for a password. It lets > > you in if you type an empty password. > > (b) `echo somecommand | su ' now bogusly prompts for > > a password. su doesn't find a password, and exits without printing > > anything or running `somecommand'. I use the latter form a lot. Feature, not bug. PAM has been told to use "unix" authentication. You can override this by setting su auth required pam_permit.so instead of su auth required pam_unix.so try_first_pass in /etc/pam.conf. For situations where some accounts have passwords and some don't, play with the third word - "required" may become "sufficient" etc. > (2) static linkage of rshd. Previously, only static linkage of many other > > commands that are linked to libpam was broken (ftpd was one). Those patches of yours look reasonable. M -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message