[Bug-gnu-radius] Bug in Auth-Type = System and empty password?

bug-gnu-radius

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-gnu-radius] Bug in Auth-Type = System and empty password?

From:	Jonathan Laventhol
Subject:	[Bug-gnu-radius] Bug in Auth-Type = System and empty password?
Date:	Fri, 16 Aug 2002 18:01:46 +0100

Dear Round Cornered Friends --

It appears that there's a bug where a user has no password
and Auth-Type = System.  The comments in the code say
it should fail the login; but the code lets them in.

In radiusd.c line 201 we return 0 when we should return -1.
        /*
         * Forbid logins on passwordless accounts
         */
        if (encrypted_pass[0] == 0)
                return 0;

My version:

"@(#) $Id: auth.c,v 1.47.2.2 2002/05/30 14:06:41 gray Exp $";


Many thanks for a greatly useful piece of software.

All best,
Jonathan.
-- 
____________________________________________________________________
Imagination  25 Store Street South Crescent London WC1E 7BL England |
             Tel +44 20 7323 3300    Fax +44 20 7323 5801           |
             _______________________________________________________|

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-gnu-radius] Bug in Auth-Type = System and empty password?, Jonathan Laventhol <=
- Re: [Bug-gnu-radius] Bug in Auth-Type = System and empty password?, Sergey Poznyakoff, 2002/08/16

Prev by Date: Re: [Bug-gnu-radius] reply attributes order?
Next by Date: Re: [Bug-gnu-radius] Bug in Auth-Type = System and empty password?
Previous by thread: [Bug-gnu-radius] reply attributes order?
Next by thread: Re: [Bug-gnu-radius] Bug in Auth-Type = System and empty password?
Index(es):
- Date
- Thread