Tollef Fog Heen <tfh...@err.no> writes: > ]] Russ Allbery >> Er, "UsePAM no"?
> That's «changing sshds configuration» which for most people is on a > completely different scale than patching the application itself. UsePAM > yes is also the default nowadays. That reduces the scope of affected users, but it doesn't eliminate the problem. It means that anyone installing systemd needs to be aware that they need to convert ssh to use PAM if it isn't currently, which is an unintuitive connection. There will be similar problems with, for example, Kerberos klogind (and there I'm not sure it even has PAM support). > You can use PAM sessions without using PAM auth, for instance if you're > using key authentication. Yes, I know. But they previously haven't done much useful for you, so it's not unreasonable to turn it off. Turning off unused features in a security interface is usually good practice. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87fwdjexy8....@windlord.stanford.edu
