> A recent security audit turned up the ability to login on a fresh > install with the accounts bin, daemon, and games from a telnet session > with out a password.
I just did a fresh woody install (idepci, serial console FWIW) and installed telnetd. I cannot reproduce this problem: Debian GNU/Linux 3.0 meow meow login: daemon Password: Login incorrect > A fix seemed to be making sure that the password in /etc/passwd (or > /etc/shadow if configured) is set to "!" instead of "*". Another issue > might have been the existence of "nullok" in /etc/pam.d/login (and other > files). Were you able to login without a pasword after you had set the root password? IIRC before setting the root password one can log in as root without a password. > I've not been able to reproduce this on the only other Debian system I > have access to, however, it is still Debian 2.2. > > > > I am using Debian GNU/Linux 3.0, kernel 2.4.18-686 and libc-2.2.5 If you can provide any more information so that we can reproduce this problem it would be helpful. Thanks, -David -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
