[prev in list] [next in list] [prev in thread] [next in thread]
List: pkg-shadow-devel
Subject: [Pkg-shadow-devel] Bug#531341: prints "login incorrect" without asking for password when entering an
From: Steve Langasek <vorlon () debian ! org>
Date: 2009-09-02 8:32:17
Message-ID: 20090902083217.GB24004 () dario ! dodds ! net
[Download RAW message or body]
reopen 531341
severity 531341 grave
thanks
> * debian/login.pam: pam_securetty included as a required module instead of
> requisite to avoid leak of user name information. Closes: #531341
Please revert this change. The 'requisite' module is necessary to prevent
exposure of the root password over insecure channels - such as telnet, but
also including unencrypted XDMCP connections. root users should never have
the opportunity to type their password when the tty is not secure.
--=20
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic