Page MenuHomeFreeBSD

Do not prompt for password if it's set to empty password
ClosedPublic

Authored by trasz on Dec 11 2020, 11:35 AM.

Details

Summary

Make pam_unix(8) not prompt for password, if it's set to an empty
one - just like we don't prompt for password if the hash itself
is empty.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

Add a separate option, "emptyok", so we can commit it without changing
the default behaviour.

lib/libpam/modules/pam_unix/pam_unix.c
96

Seems this should really be called emptypasswd.

126

Should we check for the option and flag before calling crypt()?

Seems ok to me. It would be best if someone more familiar with PAM would look at this.

This revision is now accepted and ready to land.Mar 31 2021, 4:15 PM