Once upon a time, Matthew Miller <mat...@fedoraproject.org> said: > On Wed, Apr 09, 2014 at 10:20:36PM +0200, Lennart Poettering wrote: > [technical reasoning snipped] > > Hence: please let's just remove securetty entirely from the default PAM > > stacks. It's annoying, it creates a false sense of security, it's a > > relict of a different time and not compatible with modern device > > management, hotplug, containers, and so on! > > That makes sense to me. And unlike tcpwrappers, it's just a runtime config > file change to put back for cases where it's wanted.
Yeah, I think that's a decent way forward. AFAIK the securetty thing right now only affects console terminals and telnet logins. Since consoles are all in there, and hardly anybody runs a telnet server (I ran one on a couple of servers at PPOE to handle specific cases, but I wouldn't have had a problem with adding securetty checks if I needed it), it really is a meaningless check. -- Chris Adams <li...@cmadams.net> -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
