Bug#192207: Updated patch

To: Darren Tucker <dtucker@zip.com.au>, 192207@bugs.debian.org
Cc: 99168-quiet@bugs.debian.org, 193546-quiet@bugs.debian.org, control@bugs.debian.org
Subject: Bug#192207: Updated patch
From: Colin Watson <cjwatson@debian.org>
Date: Wed, 3 Sep 2003 01:30:59 +0100
Message-id: <[🔎] 20030903003059.GA10955@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 192207@bugs.debian.org
In-reply-to: <3F348AEC.CFC33932@zip.com.au>
References: <3F348AEC.CFC33932@zip.com.au>

tags 99168 pending
tags 192207 pending
tags 193546 pending
thanks

On Sat, Aug 09, 2003 at 03:47:24PM +1000, Darren Tucker wrote:
> 	Attached is an updated patch that should address a couple of issues with
> the previous one:
> 
> a) The short-cut for permitemptypassword=no is in the authentication
> negotiation.  This means that if the user actually supplies a null
> password, it will be logged.
> 
> b) In the case of permitrootlogin=no, attempt an auth with a totally bogus
> password (idea from openwall linux).
> 
> 	Again, review carefully before using it, I may have overlooked something.

I've thought about this carefully and tested all the interesting
combinations I can think of, and it seems fine. I'll upload to Debian
unstable shortly, at which point no doubt it'll break for half a dozen
people with strange setups, but that's life. ;)

Thanks!

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

Follow-Ups:
- Processed: Re: Bug#192207: Updated patch
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Re: RE: CONFIRM 2c945c44230de9e26073b8f9e4c0cc84
Next by Date: Bug#134589: Debian bug #134589: now fixed in upstream source
Previous by thread: Re: RE: CONFIRM 2c945c44230de9e26073b8f9e4c0cc84
Next by thread: Processed: Re: Bug#192207: Updated patch
Index(es):
- Date
- Thread