Re: Empty passwords

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Arthur de Jong <arthur [at] arthurdejong.org>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: Empty passwords
Date: Fri, 28 May 2010 13:03:52 +0200

On Fri, 2010-05-28 at 10:53 +0200, Berend De Schouwer wrote:
> nss-pam-ldapd allows people to login against an eDirectory server
> regardless of their password as long as they type an empty password.

Thanks for pointing this out and thanks the patch. Perhaps it is a good
idea to have a nullok option in the pam_ldap module and handle it there.

> eDirectory assumes that binds with an empty password are anonymous
> binds, so binds with empty or NULL passwords always succeed.

That is a bit weird behaviour. nslcd should check the returned value for
the bind and I don't think an LDAP server should silently log in as a
different user.

Anyway, I will look into this. Thanks.

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --

--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users

Empty passwords, Berend De Schouwer
- Re: Empty passwords, Arthur de Jong

Prev by Date: Empty passwords
Next by Date: Re: Change password as root
Previous by thread: Empty passwords
Next by thread: Re: release 0.7.7 of nss-pam-ldapd