Depends on your full stack, but yes, this is the PAM behavior as checks
prior to this indicate a soft success. If you remove authentication from
your system, its expected that any attempt to access will pass, barring and
specific denial.
--On Monday, October 25, 2010 17:16 -0400 Brad Tilley <rtil...@vt.edu>
wrote:
While experimenting with PCI DSS on a default Debian Linux system, I
found that when I comment out this line:
auth required pam_unix.so nullok_secure
in /etc/pam.d/common-auth, any account may ssh into the box by typing
anything as the password. Is this the desired behavior? I would think
that it would fail by default.
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmas...@lists.debian.org Archive:
http://lists.debian.org/4cc5f3c3.5020...@vt.edu
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/85db4032fbdb47dbec79c...@[192.168.1.66]
