Bug#192207: Updated patch
tags 99168 pending
tags 192207 pending
tags 193546 pending
thanks
On Sat, Aug 09, 2003 at 03:47:24PM +1000, Darren Tucker wrote:
> Attached is an updated patch that should address a couple of issues with
> the previous one:
>
> a) The short-cut for permitemptypassword=no is in the authentication
> negotiation. This means that if the user actually supplies a null
> password, it will be logged.
>
> b) In the case of permitrootlogin=no, attempt an auth with a totally bogus
> password (idea from openwall linux).
>
> Again, review carefully before using it, I may have overlooked something.
I've thought about this carefully and tested all the interesting
combinations I can think of, and it seems fine. I'll upload to Debian
unstable shortly, at which point no doubt it'll break for half a dozen
people with strange setups, but that's life. ;)
Thanks!
--
Colin Watson [cjwatson@flatline.org.uk]
Reply to: