RSS feed

Re: Empty passwords

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Empty passwords

On Fri, 2010-05-28 at 10:53 +0200, Berend De Schouwer wrote:
> nss-pam-ldapd allows people to login against an eDirectory server
> regardless of their password as long as they type an empty password.

Thanks for pointing this out and thanks the patch. Perhaps it is a good
idea to have a nullok option in the pam_ldap module and handle it there.

> eDirectory assumes that binds with an empty password are anonymous
> binds, so binds with empty or NULL passwords always succeed.

That is a bit weird behaviour. nslcd should check the returned value for
the bind and I don't think an LDAP server should silently log in as a
different user.

Anyway, I will look into this. Thanks.

-- arthur - - --
To unsubscribe send an email to or see