sshd on FreeBSD default allows blank passwords?
Andrew Pantyukhin
infofarmer at FreeBSD.org
Tue May 6 20:05:15 UTC 2008
On Tue, May 06, 2008 at 02:26:43PM -0400, T. wrote:
> I didn't realize this before, but it came to my attention when
> debugging PAM problems. Actually, sshd default does not allow
> it, but another default is in enabling PAM. It's passing power
> over to PAM which is allowing it.
>
> I didn't see another way immediately available to fix it, so I
> disabled PAM in sshd. Works as expected now.
>
> Is there a PAM solution for this?
>
> Is this intended to be the default behavior?
Now that you mention it, I also was under impression that the
reverse should be default. I'm no pam expert, but I thought
"nullok" was required in /etc/pam.d/sshd next to pam_unix in
order for empty passwords to work. But there's no "nullok" there
by default and empty passwords still work. Disturbing.
More information about the freebsd-questions
mailing list