summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch
blob: ba13cd1919217c19346ba04b70c34900a4810fe1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Upstream-Status: Pending

Subject: auth2-none.c: avoid authenticate empty passwords to mess up with PAM

If UsePAM, PermitEmptyPasswords, PasswordAuthentication are enabled. The ssh daemon
will try to authenticate an empty password, resulting in login failures of any user.
If PAM is enabled, then we should leave the task of password authentication to PAM.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>

---
 auth2-none.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/auth2-none.c b/auth2-none.c
index c8c6c74..b48b2fd 100644
--- a/auth2-none.c
+++ b/auth2-none.c
@@ -61,7 +61,7 @@ userauth_none(Authctxt *authctxt)
 {
 	none_enabled = 0;
 	packet_check_eom();
-	if (options.permit_empty_passwd && options.password_authentication)
+	if (options.permit_empty_passwd && options.password_authentication && !options.use_pam)
 		return (PRIVSEP(auth_password(authctxt, "")));
 	return (0);
 }
-- 
1.7.9.5