Date:      Wed, 7 May 2008 00:05:11 +0400
From:      Andrew Pantyukhin <infofarmer@FreeBSD.org>
To:        "T." <freebsd-questions@lists.goldenpath.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: sshd on FreeBSD default allows blank passwords?
Message-ID:  <20080506200510.GU92161@amilo.cenkes.org>
In-Reply-To: <4820A2E3.9030500@lists.goldenpath.org>
References:  <4820A2E3.9030500@lists.goldenpath.org>

On Tue, May 06, 2008 at 02:26:43PM -0400, T. wrote:
> I didn't realize this before, but it came to my attention when
> debugging PAM problems.  Actually, sshd default does not allow
> it, but another default is in enabling PAM.  It's passing power
> over to PAM which is allowing it.
> 
> I didn't see another way immediately available to fix it, so I
> disabled PAM in sshd. Works as expected now.
> 
> Is there a PAM solution for this?
> 
> Is this intended to be the default behavior?

Now that you mention it, I also was under the impression that the
reverse should be the default. I'm no PAM expert, but I thought
"nullok" was required in /etc/pam.d/sshd next to pam_unix in
order for empty passwords to work. But there's no "nullok" there
by default and empty passwords still work. Disturbing.
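
An audit for the situation discussed in this message, added here as an example and not part of the original e-mail or of FreeBSD's own tooling. It reports accounts with an empty password field whenever sshd hands authentication to PAM, whether or not "nullok" is present; the function names and all sample file contents are constructed, and Match blocks in sshd_config are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread): audit the empty-password exposure above.
# Assumptions: Match blocks in sshd_config are not evaluated; all sample
# files below are constructed for illustration.

# Effective sshd_config value: first uncommented occurrence wins, keyword is
# case-insensitive; $3 is the default used when the keyword is absent.
sshd_opt() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

# Accounts in a master.passwd-format file whose password field is empty.
empty_pw_accounts() {
    awk -F: '!/^#/ && NF >= 10 && $2 == "" { print $1 }' "$1"
}

# "yes" if an uncommented pam_unix auth line carries nullok, else "no".
pam_nullok() {
    awk '!/^[ \t]*#/ && $1 == "auth" && /pam_unix/ && /nullok/ { f = 1 }
         END { print (f ? "yes" : "no") }' "$1"
}

# audit <sshd_config> <pam.d/sshd> <master.passwd>; returns 1 when exposed.
audit() {
    pam=$(sshd_opt "$1" UsePAM yes)   # default "yes" as reported in the thread
    pep=$(sshd_opt "$1" PermitEmptyPasswords no)
    users=$(empty_pw_accounts "$3" | tr '\n' ' ')
    [ -n "$users" ] || { echo "OK: no empty-password accounts"; return 0; }
    # The thread reports empty passwords working without nullok, so a missing
    # nullok is reported but never treated as protection.
    if [ "$pam" = yes ] || [ "$pep" = yes ]; then
        echo "EXPOSED: ${users}UsePAM=$pam PermitEmptyPasswords=$pep nullok=$(pam_nullok "$2")"
        return 1
    fi
    echo "WARN: ${users}empty password, refused by sshd as configured"
}

# Constructed sample files.
d=$(mktemp -d)
printf '#UsePAM yes\n#PermitEmptyPasswords no\n' > "$d/sshd_default"
printf 'UsePAM no\n' > "$d/sshd_nopam"
printf 'auth required pam_unix.so no_warn try_first_pass\n' > "$d/pam_sshd"
printf 'root:$2a$04$constructed:0:0::0:0:Charlie:/root:/bin/csh\n' > "$d/mpw"
printf 'guest::1001:1001::0:0:Guest:/home/guest:/bin/sh\n' >> "$d/mpw"
audit "$d/sshd_default" "$d/pam_sshd" "$d/mpw" || true
audit "$d/sshd_nopam" "$d/pam_sshd" "$d/mpw"
```

On a live system, run `audit` as root against /etc/ssh/sshd_config, /etc/pam.d/sshd and /etc/master.passwd.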