We use lum on our SLED11 boxes to authenticate to eDirectory, and have noticed that if you do a default installation of SLED11SP2, then set up lum, users authorised to log in to the SLED box can log in over ssh with any password ie, entering no password will fail, but type anything else, even just one character, and you're in.

If you downgrade the openssh package to 5.1p1-41.33.1, this behaviour stops, but if you then upgrade to 5.1p1-41.51.1 or later, it starts again.

If you don't use lum (ie just local accounts) it doesn't happen.

Is anyone else seeing this?