sshd on FreeBSD default allows blank passwords?

T. freebsd-questions at lists.goldenpath.org
Wed May 7 05:23:41 UTC 2008


Andrew Pantyukhin wrote:
> On Tue, May 06, 2008 at 02:26:43PM -0400, T. wrote:
>   
>> I didn't realize this before, but it came to my attention when
>> debugging PAM problems.  Actually, sshd by default does not allow
>> it, but another default is in enabling PAM.  It's passing power
>> over to PAM which is allowing it.
>>
>> I didn't see another way immediately available to fix it, so I
>> disabled PAM in sshd. Works as expected now.
>>
>> Is there a PAM solution for this?
>>
>> Is this intended to be the default behavior?
>>     
>
> Now that you mention it, I also was under the impression that the
> reverse should be default. I'm no pam expert, but I thought
> "nullok" was required in /etc/pam.d/sshd next to pam_unix in
> order for empty passwords to work. But there's no "nullok" there
> by default and empty passwords still work. Disturbing.
>   

Tested on my 5.5 box. Same thing there.
Have been taking this for granted for a long time.
Ooops.
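
An audit for the situation discussed in this thread, as an added example that is not part of the original posts: it lists accounts whose password field is empty and reports the two sshd_config settings (UsePAM, PermitEmptyPasswords) that decide whether sshd rejects them itself. Function names and sample files are constructed for illustration; UsePAM yes is flagged regardless of "nullok" because the thread reports that empty passwords work without it.

```shell
#!/bin/sh
# Added example: all file contents below are constructed sample data.

# Login names whose password field (2nd field, master.passwd format) is empty.
empty_password_accounts() {
    awk -F: '!/^#/ && NF >= 2 && $2 == "" { print $1 }' "$1"
}

# Value of a global sshd_config keyword (first occurrence wins), else DEFAULT.
# Assumes plain "Keyword value" lines; Match blocks are not interpreted.
sshd_option() {  # usage: sshd_option FILE KEYWORD DEFAULT
    awk -v key="$2" -v dflt="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }' "$1"
}

# One line per empty-password account. An absent UsePAM line counts as "yes"
# because the thread reports PAM is enabled by default (assumption from the thread).
audit() {  # usage: audit MASTER_PASSWD SSHD_CONFIG
    pam=$(sshd_option "$2" UsePAM yes)
    pep=$(sshd_option "$2" PermitEmptyPasswords no)
    for user in $(empty_password_accounts "$1"); do
        if [ "$pam" = yes ] || [ "$pep" = yes ]; then
            echo "RISK $user UsePAM=$pam PermitEmptyPasswords=$pep"
        else
            echo "INFO $user empty password, neither setting admits it"
        fi
    done
}

# Write constructed sample files into directory $1.
make_sample() {
    cat > "$1/master.passwd" <<'EOF'
root:$6$constructed$hash:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
guest::1001:1001::0:0:Guest:/home/guest:/bin/sh
EOF
    cat > "$1/sshd_config" <<'EOF'
#PermitEmptyPasswords no
UsePAM yes
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit "$tmp/master.passwd" "$tmp/sshd_config"
rm -rf "$tmp"
```

On a FreeBSD host the same check is `audit /etc/master.passwd /etc/ssh/sshd_config`, run as root.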

