On Tue, Jul 28, 2009 at 10:38:21AM -0400, Sam Hartman wrote: > Here's a draft of a debconf note I've put together ; Steve has not reviewed, > and it may change internally.
Here is a revised version of this template which I like better. Maybe this one will be final, or maybe Sam will have further corrections. :) Template: libpam-runtime/you-had-no-auth Type: error _Description: Your system allowed access without a password! A bug in a previous version of libpam-runtime resulted in no PAM profiles being selected for use on this system. As a result, access was allowed for a time to all accounts on your system, with or without a correct password. Especially if this system can be accessed from the Internet, it is likely that it has been compromised. Unless you are familiar with recovering from security failures, viruses, and malicious software, you should re-install this system from scratch or obtain the services of a skilled system administrator. For more information, see: . http://www.debian.org/security/pam-auth . The bug that allowed this wrong configuration is fixed in the current version of libpam-runtime, and your configuration has now been corrected. We apologize that previous versions of libpam-runtime did not detect and prevent this situation. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org -- To UNSUBSCRIBE, email to debian-www-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
