- (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
if permit_empty_passwd == 0 so null password check cannot be bypassed.
jayaraj@amritapuri.com OpenBSD bug 2168
diff --git a/auth-pam.c b/auth-pam.c
index 29d3566..0132e47 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -35,7 +35,7 @@
extern char *__progname;
-RCSID("$Id: auth-pam.c,v 1.40 2001/10/28 17:32:38 stevesk Exp $");
+RCSID("$Id: auth-pam.c,v 1.41 2001/11/09 20:22:17 stevesk Exp $");
#define NEW_AUTHTOK_MSG \
"Warning: Your password has expired, please change it now"
@@ -217,7 +217,8 @@
__pampasswd = password;
pamstate = INITIAL_LOGIN;
- pam_retval = do_pam_authenticate(0);
+ pam_retval = do_pam_authenticate(
+ options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0);
if (pam_retval == PAM_SUCCESS) {
debug("PAM Password authentication accepted for "
"user \"%.100s\"", pw->pw_name);