[TinyLogin] Glibc, tinylogin - auth without password?

[Ethan]

gcc 2.95.4, debian system, working to cram everything on a 16mb CF card.

Progress is going well, except one thing that has been an issue.

Both dropbearSSH and Tinylogin are allowing me to login without a
password.

In the makefile I have USE_SYSTEM_PWD_GRP = false, and USE_SYSTEM_SHADOW =
false.

Now, when I'm not chroot'ed to the test environment, it works fine! So
there is something that tinylogin is seeing that works fine.

Out of desperation, I copied the NSS libs, actually most of the libs from
/lib on the full system. I copied /etc/pam.conf and /etc/pam.d/* ... I
copied /var/run and /var/log utmp and wtmp.

I try to run strace, but there is an incredible amount of output as
tinylogin is waiting for next character that the output is impossible to
sort thru. Plus for some wierd reason it halts when the password entry
comes up (I tried -f? -F? no go). So I gave up on that.

Anyone know what I'm missing? It is obviously something with glibc, as it
is also affecting dropbear.

For instance, if I log in with root, since there is an account of root
itlets me in -- no password prompt. If I login as a non-existant user, it
never prompts for a password at all. So the password crypt validation
routine seems borked. I have the libcrypt libraries copied over. So odd.


--
                               // Ethan O'Toole
                               // http://users.757.org/~ethan