We use lum on our SLED11 boxes to authenticate to eDirectory, and have noticed that if you do a default installation of SLED11SP2, then set up lum, users authorised to log in to the SLED box can log in over ssh with any password ie, entering no password will fail, but type anything else, even just one character, and you’re in.
If you downgrade the openssh package to 5.1p1-41.33.1, this behaviour stops, but if you then upgrade to 5.1p1-41.51.1 or later, it starts again.
If you don’t use lum (ie just local accounts) it doesn’t happen.
I do not have a system to test right now, but can you compare your
/etc/pam.d/ssh file as you change OpenSSH versions? I’m guessing it
changes somehow helping cause the problem, but it’s just a guess. It
may also be that the problem came from LUM and your version change just
replaced a conf file somewhere, but since re-upgrading fixed it I doubt
that is the case. /etc/nsswitch.conf is another file that may be worth
checking out before/after the LUM installation since I believe it is
modified by default, though usually not to allow failed logins.
Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/