-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 9 Nov 2006, Timo Sirainen wrote:
Umm.. The auth bind succeeds with the empty password?
So should I just add a check that empty password will always fail if auth_bind=yes? This prevents having users who don't have a password (eg. they'd be proxied elsewhere), but I guess it's not that important.
How about a "#permit_empty_passwords = yes" option in passdb backends? Not that I use accounts with empty passwords, but just in case.
Bye,
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux)
iQEVAwUBRVNHBS9SORjhbDpvAQKsFQf+OrvK8xyJvH0VIB5EVlT8aQUUv55bmt7p xgKdamg2WaFvIhBU/Y7r4o69zh5gkSh0e1jaVoYzbSeRcohjPmoUOPr7C58cV6Ru dsXeArTDOqfYf28/GG6Kw3zCZAfkKywJ5IZv9nn1PhGn4mC7pyunBoFOqwaR55wb yXSLaA273Jit4GAPdpVY1zsG5KuaNm9qgAUQ2y3aHqA+5HcwtJig8zE9qT/zNf+f qwpStG/znl9NM68V6kzsXuQBvByLtTeNZAKVubRKsgKT7neH8nO2Myxk4oo+Ynq4 5erwP5QslPldl9LOE1Wa2+m2NoR38ALIJlJOR+PAhYL/VTIe44naTA== =ihP3 -----END PGP SIGNATURE-----