
Re: pwdb breakage



Michael K. Johnson wrote:
> One more related problem with pam_pwdb -- if a user's entry in /etc/passwd
> has a * (note: NOT an x), and the /etc/shadow entry is blank, the user,
> rather than being locked out, is let in without being queried for a password
> (assuming null_ok is set).
> 
> This is a security hole.  So, do I get my name on the web page as someone
> who has broken pam, and therefore deserves respect?  :-)

FWIW: This also appears to be a bug with sshd.

Cheers

Andrew
-- 
               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
                  http://parc.power.net/morgan/index.html
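
A defensive check for the account state described in this thread, as an added example that is not part of the original messages or of Linux-PAM: it flags accounts whose shadow password field is blank and calls out the case where the passwd field holds `*`. The function names, finding labels and sample entries are constructed for illustration.

```python
# Added example: audit passwd/shadow contents for blank shadow password fields.
# The sample data is constructed; on a real host, read /etc/passwd and
# /etc/shadow (root is needed for the latter) and pass their contents in.

PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:*:1000:1000::/home/alice:/bin/sh
bob:x:1001:1001::/home/bob:/bin/sh
carol:x:1002:1002::/home/carol:/bin/sh
"""

SHADOW = """\
root:constructedhash:19000:0:99999:7:::
alice::19000:0:99999:7:::
bob::19000:0:99999:7:::
carol:!:19000:0:99999:7:::
"""

def parse_colon_db(text):
    """Map login name -> list of colon-separated fields."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            fields = line.split(":")
            entries[fields[0]] = fields
    return entries

def audit(passwd_text, shadow_text):
    """Return {user: label} for accounts with a blank shadow password field."""
    passwd = parse_colon_db(passwd_text)
    shadow = parse_colon_db(shadow_text)
    findings = {}
    for user, sh in shadow.items():
        if len(sh) < 2 or sh[1] != "":
            continue  # a hash or a lock marker is present
        pw = passwd.get(user, [user, ""])
        if len(pw) > 1 and pw[1] == "*":
            # The case from the post: passwd looks locked, shadow is blank.
            findings[user] = "STAR_IN_PASSWD_BLANK_SHADOW"
        else:
            findings[user] = "BLANK_SHADOW"
    return findings

if __name__ == "__main__":
    for user, label in sorted(audit(PASSWD, SHADOW).items()):
        print(f"{user}: {label}")
```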


