> > 1) su on passwordless accounts.
> >    (a) `su <passwordless>' now bogusly prompts for a password.  It lets
> >        you in if you type an empty password.
> >    (b) `echo somecommand | su <passwordless>' now bogusly prompts for
> >        a password.  su doesn't find a password, and exits without printing
> >        anything or running `somecommand'.  I use the latter form a lot.

Feature, not bug. PAM has been told to use "unix" authentication.
You can override this by setting

su      auth    required        pam_permit.so

instead of

su     auth    required        pam_unix.so                     try_first_pass

in /etc/pam.conf.

For situations where some accounts have passwords and some don't, play
with the third word - "required" may become "sufficient" etc.

> (2) static linkage of rshd.  Previously, only static linkage of many other
> >     commands that are linked to libpam was broken (ftpd was one).

Those patches of yours look reasonable.

Mark Murray
Warning: this .sig is umop ap!sdn

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to