Your message dated Wed, 03 Feb 2021 13:53:07 -0500
with message-id <[email protected]>
and subject line Empty Passwords Appear to Work
has caused the Debian Bug report #332292,
regarding libpam-modules 0.79 breaks vsftpd: "530 Login incorrect." reported
for users with empty passwords
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
332292: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332292
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libpam-modules
Version: 0.79-3
Severity: important
I have a number of users with empty passwords in my vsftpd settings.
After upgrading libpam-modules from 0.76-23 to 0.79-3, vsftpd started to
reject such users with "530 Login incorrect."
See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330829 for details.
--- End Message ---
--- Begin Message ---
I have not tested with vsftpd explicitly, but I did test pam 1.4.0-3's
null password handling to verify the changes made in 1.4.0-1 regarding
nullok and nullok_secure.
I found that
* For applications that pass DISALLOW_NULL_AUTHTOK, null passwords do
not work
* For local applications like login, they do
* ssh triggers that flag based on the EmptyPasswords config.
So, it's vsftpd's choice whether it supports empty passwords or not.
--Sam
--- End Message ---
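
Added example, not part of either message and not code from pam or vsftpd: a small Python audit that lists accounts with an empty shadow password field and reports whether a service's PAM auth stack carries a pam_unix null-password option. The file contents are constructed, and `empty_login_possible` is a simplified model of the finding in the reply above, with the application's use of the DISALLOW_NULL_AUTHTOK flag supplied by the caller as an assumption.

```python
import re

NULL_OPTS = {"nullok", "nullok_secure"}  # pam_unix options named in the thread
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

# Constructed sample data, not taken from the bug report.
SHADOW = ("root:$6$constructed$hash:18000:0:99999:7:::\n"
          "ftpguest::18000:0:99999:7:::\n"
          "locked:!:18000:0:99999:7:::\n")
PAM_FILES = {
    "common-auth": "auth [success=1 default=ignore] pam_unix.so nullok\n"
                   "auth requisite pam_deny.so\n",
    "vsftpd": "auth required pam_listfile.so item=user sense=deny "
              "file=/etc/ftpusers onerr=succeed\n@include common-auth\n",
    "strict": "auth required pam_unix.so  # no null option\n",
}

def empty_password_accounts(shadow_text):
    """Account names whose shadow password field (the 2nd) is empty."""
    rows = [l.split(":") for l in shadow_text.splitlines()]
    return [r[0] for r in rows if len(r) >= 2 and r[0] and r[1] == ""]

def null_options(service, pam_files, seen=None):
    """(file, option) pairs on auth-phase pam_unix rules, following includes."""
    seen = set() if seen is None else seen
    if service in seen or service not in pam_files:
        return []  # include loop, or a file we were not given
    seen.add(service)
    hits = []
    for raw in pam_files[service].splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("@include"):
            hits += null_options(line.split()[-1], pam_files, seen)
            continue
        m = RULE.match(line)
        if not m or m.group(1) != "auth":
            continue
        control, module, args = m.group(2), m.group(3), m.group(4).split()
        if control in ("include", "substack"):
            hits += null_options(module, pam_files, seen)
        elif module.rsplit("/", 1)[-1] == "pam_unix.so":
            hits += [(service, a) for a in args if a in NULL_OPTS]
    return hits

def empty_login_possible(service, pam_files, app_disallows_null):
    """Simplified model: the stack must opt in and the application must not veto."""
    return bool(null_options(service, pam_files)) and not app_disallows_null
```

On a real host the inputs would be the contents of /etc/shadow and the files under /etc/pam.d, read with root privileges.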