--zHDeOHGDnzKksZSU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Apr 18, 2006 at 07:34:39PM +0200, Johnny Billquist wrote:
> Hmmm. PAM rears it's ugly head? :-)
> Once you thought you knew how to get a Unix system to behave the way you=
=20
> wanted. Now it's getting as obfuscated as windows? :-)
>=20
> This is really a case where PAM is meddling where it shouldn't. If you=20
> explicitly have an account without password, and you explicitly tell=20
> sshd that accounts without passwords are ok, then you would think that=20
> should be it. Is anyone but me thinking that we're getting too many=20
> subsystems dealing with the same issue here, which makes it very hard to=
=20
> get things right?

Ideally, if UsePAM is set to yes, sshd shouldn't have to deal with
authentication *at all*.  Even the public key scheme should go through
PAM,, in some way, because then it could be use by other applications
that have allow key exchange.  Well, that's my idea of the question, at
least.

> pancake wrote:
> >Disabling PAM works :) Thanks.
> >
> >But ..now just for interest, what I've to do to make't work with PAM?
> >
> >I've been testing with pam_guest.so guests=3Danoncvs nopass  in=20
> >/etc/pam.d/sshd...
> >but looks like i'm doing something wrong.
> >
> >So, thanks for the help.
> >
> >--pancake
> >
> >On Tue, 18 Apr 2006 19:16:08 +0200
> >Quentin Garnier <cube@cubidou.net> wrote:
> >
> >
> >>On Tue, Apr 18, 2006 at 06:35:21PM +0200, pancake wrote:
> >>
> >>>Is it possible to create a user without password?
> >>>
> >>>I've modified the master.passwd emptying the password field and=20
> >>>configured sshd properly, but seems that all the time asks for passwor=
d.
> >>>
> >>>any idea?
> >>
> >>You probably need to teach the relevant PAM module to accept empty
> >>passwords.  Or just say "up yours" to PAM and set UsePAM to no in
> >>sshd_config.
> >>
> >>--=20
> >>Quentin Garnier - cube@cubidou.net - cube@NetBSD.org
> >>"When I find the controls, I'll go where I like, I'll know where I want
> >>to be, but maybe for now I'll stay right here on a silent sea."
> >>KT Tunstall, Silent Sea, Eye to the Telescope, 2004.
> >>
>=20
> --=20
> Johnny Billquist                  || "I'm on a bus
>                                   ||  on a psychedelic trip
> email: bqt@update.uu.se           ||  Reading murder books
> pdp is alive!                     ||  tryin' to stay hip" - B. Idol

--=20
Quentin Garnier - cube@cubidou.net - cube@NetBSD.org
"When I find the controls, I'll go where I like, I'll know where I want
to be, but maybe for now I'll stay right here on a silent sea."
KT Tunstall, Silent Sea, Eye to the Telescope, 2004.

--zHDeOHGDnzKksZSU
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (NetBSD)

iQEVAwUBREUoQ9goQloHrPnoAQLR8wgArPIX/l5bJT/kM5yb+298VrbjvYTL8Yb+
2IXDb+s43DlzxVwc1FJRL3hrzSFq499Qbw2AiHRyekKW1c6RYJ9sZ9xAGrMFtCtV
IcotIAqfhikVDjbeQ/7f8pnzdoHpw5VhsY6UC0r5uTB6LEunni/ekqPBFf9JLyYh
j2D9HJBZPp4px/itXNzAQBk4jF1AE7AwBlGfBGf9V/QH+LRU2fwTDlvzWQGRGnoe
5AhP49bdFuVTKzKdwvgIfPdftQgYZEnsC/3V5SD0iJDkPVVmu3pDqzMXWtiCFSYu
rClfZNwW3xhN04QCsgxwjGAvbgOhbBYgegOsJqcpzAj/Z6iG6z1YCA==
=G2Nj
-----END PGP SIGNATURE-----

--zHDeOHGDnzKksZSU--