On Sun, Aug 28, 2005 at 12:10:07AM +0200, Sylvain wrote:
> I want to use only pam-ssh to login on my computer. So I modify the
> login pam file and comment @include common-auth.

> Here is a part of my /etc/pam.d/login

<snip>

> # Standard Un*x authentication.
> @include pam-ssh-auth
> #@include common-auth

> With this configuration, I can login with the wrong or null passphrase.
>  If I want to only use pam-ssh-auth, I need to modify
> /etc/pam.d/pam-ssh-auth and replace sufficient by required. It is very
> easy to insert a security hole in your system.

While I'm not sure I agree that this qualifies as a user security hole,
I do think it's inappropriate for libpam-ssh to provide separate pam.d
"include" files in this fashion.  The @include common-* infrastructure
provided by the libpam package was never intended for this, and Sylvain
points out at least one reason why PAM modules can't provide their own
config files that will be generally useful.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
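
Why the stack reported above can accept a wrong passphrase, as an added example that is not part of the original thread or of libpam-ssh: a simplified model of how Linux-PAM combines the required, requisite and sufficient control flags. The module names pam_env.so and pam_ssh.so, and the contents of the snipped part of the stack, are assumptions.

```python
# Simplified model of Linux-PAM auth-stack evaluation (added example).
# Covers only the required / requisite / sufficient control flags.

def evaluate(stack, results):
    """stack: list of (control, module); results: module -> True on success.
    Returns True when the stack as a whole grants authentication."""
    required_failed = False
    any_success = False              # has any module made a positive decision?
    for control, module in stack:
        ok = results[module]
        if control == "sufficient":
            if ok and not required_failed:
                return True          # success ends the stack immediately
            # a failing sufficient module is ignored, the stack continues
        elif control == "requisite":
            if not ok:
                return False         # failure ends the stack immediately
            any_success = True
        elif control == "required":
            if ok:
                any_success = True
            else:
                required_failed = True   # remembered, stack keeps running
        else:
            raise ValueError(f"unsupported control flag: {control}")
    # A stack in which no module made a positive decision fails.
    return any_success and not required_failed

# Constructed stand-in for the login stack. Assumption: the snipped part
# holds a required module that never checks credentials (pam_env.so here),
# and pam-ssh-auth contributes pam_ssh.so with the given control flag.
def login_stack(ssh_control):
    return [("required", "pam_env.so"), (ssh_control, "pam_ssh.so")]

WRONG_PASSPHRASE = {"pam_env.so": True, "pam_ssh.so": False}
RIGHT_PASSPHRASE = {"pam_env.so": True, "pam_ssh.so": True}

def demo():
    return {
        (flag, label): evaluate(login_stack(flag), outcome)
        for flag in ("sufficient", "required")
        for label, outcome in (("wrong", WRONG_PASSPHRASE),
                               ("right", RIGHT_PASSPHRASE))
    }

if __name__ == "__main__":
    for (flag, label), granted in demo().items():
        print(f"pam_ssh.so {flag:10} {label} passphrase -> granted={granted}")
```

With `sufficient`, the failed pam_ssh.so result is ignored and the earlier required module's success decides the outcome; with `required`, the wrong passphrase is rejected.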
