diff --git a/ChangeLog b/ChangeLog index 12045a555..b2f58c36e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20011109 + - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK) + if permit_empty_passwd == 0 so null password check cannot be bypassed. + jayaraj@amritapuri.com OpenBSD bug 2168 + 20011103 - (tim) [ contrib/caldera/openssh.spec contrib/caldera/sshd.init] Updates from Raymund Will @@ -6801,4 +6806,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1631 2001/11/03 19:09:32 tim Exp $ +$Id: ChangeLog,v 1.1632 2001/11/09 20:22:16 stevesk Exp $ diff --git a/auth-pam.c b/auth-pam.c index 29d356674..0132e47bd 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -35,7 +35,7 @@ extern char *__progname; -RCSID("$Id: auth-pam.c,v 1.40 2001/10/28 17:32:38 stevesk Exp $"); +RCSID("$Id: auth-pam.c,v 1.41 2001/11/09 20:22:17 stevesk Exp $"); #define NEW_AUTHTOK_MSG \ "Warning: Your password has expired, please change it now" @@ -217,7 +217,8 @@ int auth_pam_password(struct passwd *pw, const char *password) __pampasswd = password; pamstate = INITIAL_LOGIN; - pam_retval = do_pam_authenticate(0); + pam_retval = do_pam_authenticate( + options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0); if (pam_retval == PAM_SUCCESS) { debug("PAM Password authentication accepted for " "user \"%.100s\"", pw->pw_name);