If the "pw_type" is crypt-based and the password field returned by the query is null, user is able to authenticate with any password. It is true that crypt("anything", ""); is always "", so if the crypted password is an empty string, this is (arguably) the correct behavior, but since it sounds very bad, pam_unix needs explicitly the nullok flag.
But the issue here is even worse: when crypt is used, pam_pgsql authenticates with any password both when the field is an empty string (arguably reasonable) and when it is null. This latter seems very bad, because no output from crypt represents a null password (although this concept is absent in original Unix).
In my opinion, a null password should be treated the same as no result, and should always fail.
A workaround is to use a query that never returns null, like:
SELECT COALESCE(password, '§§INVALID') FROM auth_table;
Patch:
http://sourceforge.net/u/lvella/pam-pgsql/ci/9361f5970e5dd90a747319995b67c2f73b91448c/
扫一扫
1242
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
