On Tue, Oct 04, 2005 at 08:19:08PM -0700, Max Alekseyev wrote:
> Steve Langasek wrote:

> >Aha, ok.  So after adding two users, trying to log in via su with an empty
> >password *succeeds* with libpam-modules 0.79-3 here.
> >
> >Trying to log in to vsftp using your exact config fails; but this problem is
> >specific to the authorization component of the module, not the
> >authentication component.  The regression in the authorization component can
> >be explained by the fact that in Linux-PAM 0.76, pam_userdb's
> >pam_sm_acct_mgmt function didn't do anything except return PAM_SUCCESS.  In
> >0.79, it attempts to verify that the user is present in the database before
> >returning.  But if you've already authenticated the user via pam_userdb,
> >this check is redundant; I recommend simply dropping the 'account' line from
> >your vsftpd config.

> Dropping the 'account' line in /etc/pam.d/vsftpd didn't help.
> vsftpd with libpam-modules 0.79-3 still rejects users with empty passwords.
> What should I do about that behavior? File a new bugreport?

Yes, please.

> >Yes, there's still a regression in pam_userdb's pam_sm_acct_mgmt(), but
> >since I'm not sure why this code works *at all* for empty passwords, I'm not
> >really in a position to track this down.

> If so, who can do that?
> Could you please forward this bugreport to upstream developers?

Yes, I will do so, but I have a long list of other issues to forward to them
as well.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
