dropbear authentication

Giuseppe Cavallaro peppe.cavallaro at gmail.com
Wed Aug 8 17:32:37 WST 2007


I can do that if I comment out the following check in checkusername.
I'm not sure if it's a better way; I wonder if it's worth using an extra
option (i.e. permit_empty_passwd) like ssh does.

        /* check for an empty password */
#if 0
        if (ses.authstate.pw->pw_passwd[0] == '\0') {
                TRACE(("leave checkusername: empty pword"))
                dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
                                ses.authstate.printableuser);
                send_msg_userauth_failure(0, 1);
                return DROPBEAR_FAILURE;
        }
#endif
        TRACE(("shell is %s", ses.authstate.pw->pw_shell))


On 08/08/2007, Giuseppe Cavallaro <peppe.cavallaro at gmail.com> wrote:
>
> Hi Matt,
> It works fine if I set root:R7gIX4dJJcCFw:... in passwd file.
> So I'd like to have the same scenario but using root::... in passwd.
> Is it possible?
>
> Thanks a lot for your excellent support,
> Giuseppe
>
>
> >
> > There's a hardcoded check in checkusername() that won't
> > allow an empty password crypt since that's a common
> > misconfiguration. If the user has an OK entry in /etc/passwd
> > though, you can make Dropbear skip auth fairly easily, see
> > the patch below.
> >
> > Matt
>
>
>
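
An added example, not part of the original message or of Dropbear's code: a small C auditor that finds the root::... style entries discussed in this thread in passwd(5)-format data, so accounts with an empty password field are known before the checkusername() check is relaxed. The function names, the enum and the sample data are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum pw_state { PW_MALFORMED, PW_EMPTY, PW_SHADOWED, PW_LOCKED, PW_HASH };

/* Constructed sample in passwd(5) format; not taken from the thread. */
static const char SAMPLE[] =
    "root::0:0:root:/root:/bin/sh\n"
    "daemon:*:1:1:daemon:/usr/sbin:/bin/false\n"
    "admin:x:1000:1000::/home/admin:/bin/sh\n"
    "svc:EXAMPLEHASH00:1001:1001::/home/svc:/bin/sh\n"
    "guest::1002:1002::/home/guest:/bin/sh\n";

/* Classify the password (second) field of one line of `len` bytes. */
enum pw_state classify_passwd_line(const char *line, size_t len)
{
    const char *first = memchr(line, ':', len);
    if (first == NULL || first == line)
        return PW_MALFORMED;              /* no user name or no fields */
    const char *pw = first + 1;
    const char *end = memchr(pw, ':', len - (size_t)(pw - line));
    if (end == NULL)
        return PW_MALFORMED;              /* password field not terminated */
    if (end == pw)
        return PW_EMPTY;                  /* "root::...": pw_passwd[0] == '\0' */
    if (end - pw == 1 && pw[0] == 'x')
        return PW_SHADOWED;               /* hash is kept in /etc/shadow */
    if (pw[0] == '*' || pw[0] == '!')
        return PW_LOCKED;                 /* cannot match any crypt() output */
    return PW_HASH;
}

/* Count (and print) accounts with an empty password field in a buffer. */
int count_empty_passwords(const char *buf)
{
    int hits = 0;
    while (*buf != '\0') {
        size_t n = strcspn(buf, "\n");    /* length of the current line */
        if (n > 0 && buf[0] != '#' && classify_passwd_line(buf, n) == PW_EMPTY) {
            printf("empty password: %.*s\n", (int)strcspn(buf, ":"), buf);
            hits++;
        }
        buf += n + (buf[n] == '\n');      /* skip the line and its newline */
    }
    return hits;
}

int main(void) { return count_empty_passwords(SAMPLE) == 2 ? 0 : 1; }
```

The password is also the second field in /etc/shadow, so the same classifier can be run over shadow-format lines when passwd only contains x.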