So, I can confirm that the following configuration leads to local users (both via tty consoles and gdm) being able to log in with a blank password.
Here are the modified pam files; all the others are left untouched. The error here is having 'sufficient + sufficient' in both common-account and common-auth; changing those to 'sufficient + required' fixes the problem (since having a required as last module makes the stack fall back in any case).

[WARNING, DO NOT USE THIS INSECURE CONFIGURATION (just in case someone decides to cut and paste without looking at the context ;) ]

common-account:
account sufficient pam_ldap.so
account sufficient pam_unix.so

common-auth:
account sufficient pam_ldap.so
account sufficient pam_unix.so nullok_secure use_first_pass

common-password:
password required pam_cracklib.so retry=3 minlen=8 difok=3
password sufficient pam_ldap.so use_authtok
password required pam_unix.so nullok md5 shadow use_authtok

common-session:
session optional pam_foreground.so
session sufficient pam_ldap.so
session required pam_unix.so

--
pam configuration could use safer defaults
https://bugs.launchpad.net/bugs/152912
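An added example, not part of the original bug comment: a small linter that flags the pattern the comment identifies, a PAM stack with no required module or whose last module is not required. The function names and sample strings are assumptions made for illustration; the samples are constructed from the lines quoted above.

```python
# Added example: flag PAM stacks that lack a terminating required module.
# Only keyword controls are understood; bracketed [value=action] controls
# and @include lines are out of scope for this sketch.
from collections import defaultdict

STRICT = {"required", "requisite"}

def parse_pam(text):
    """Return {type: [(control, module, args), ...]} in file order."""
    stacks = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("@include"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue                             # malformed line, skip
        mtype, control, module, *args = fields
        stacks[mtype.lstrip("-")].append((control, module, args))
    return dict(stacks)

def lint(text):
    """Return one finding per stack that does not end in a strict control."""
    findings = []
    for mtype, entries in parse_pam(text).items():
        controls = [control for control, _, _ in entries]
        if not any(c in STRICT for c in controls):
            findings.append(
                f"{mtype}: no required/requisite module ({' + '.join(controls)})")
        elif controls[-1] not in STRICT:
            findings.append(
                f"{mtype}: last module is '{controls[-1]}', not required/requisite")
    return findings

# Constructed samples: common-account as posted, the corrected form the
# comment describes, and common-session as posted.
POSTED_ACCOUNT = """
account sufficient pam_ldap.so
account sufficient pam_unix.so
"""
FIXED_ACCOUNT = """
account sufficient pam_ldap.so
account required pam_unix.so
"""
POSTED_SESSION = """
session optional pam_foreground.so
session sufficient pam_ldap.so
session required pam_unix.so
"""

if __name__ == "__main__":
    for name in ("POSTED_ACCOUNT", "FIXED_ACCOUNT", "POSTED_SESSION"):
        print(name, lint(globals()[name]))
```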
