summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch')
-rw-r--r--meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch b/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch
new file mode 100644
index 0000000000..ba13cd1919
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch
@@ -0,0 +1,30 @@
+Upstream-Status: Pending
+
+Subject: auth2-none.c: avoid authenticate empty passwords to mess up with PAM
+
+If UsePAM, PermitEmptyPasswords, PasswordAuthentication are enabled. The ssh daemon
+will try to authenticate an empty password, resulting in login failures of any user.
+If PAM is enabled, then we should leave the task of password authentication to PAM.
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+
+---
+ auth2-none.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/auth2-none.c b/auth2-none.c
+index c8c6c74..b48b2fd 100644
+--- a/auth2-none.c
++++ b/auth2-none.c
+@@ -61,7 +61,7 @@ userauth_none(Authctxt *authctxt)
+ {
+ none_enabled = 0;
+ packet_check_eom();
+- if (options.permit_empty_passwd && options.password_authentication)
++ if (options.permit_empty_passwd && options.password_authentication && !options.use_pam)
+ return (PRIVSEP(auth_password(authctxt, "")));
+ return (0);
+ }
+--
+1.7.9.5
+