Quoting Christian Perrier ([EMAIL PROTECTED]):
> Quoting Dwight Davis ([EMAIL PROTECTED]):
> > Oops!, these lines are indeed different in my config,
> > but they make no difference.
> >
> > The line that is causing this behavior is:
> >
> > auth requisite pam_securetty.so
> >
> > According to the man page this module should have no
> > effect if the username is not recognized. The default
> > for the "requisite" keyword is to die.
> >
> > Changing the keyword "requisite" to "required", as the
> > man page recommends, causes the normal behavior of
> > login.
> >
>
> Yes, I confirm that.
>
> I pinged Steve Langasek on IRC to get some more expert advice when it
> comes to PAM stuff.
>

A discussion happened on IRC about this:

09:38 <vorlon> do you know if that's a recent change in the behavior of pam_securetty?
09:38 <vorlon> or is it just a recent change in the contents of /etc/pam.d/login?
09:39 <vorlon> I don't like the idea of being able to brute force usernames via login, however unlikely this is
--- Log closed dim oct 21 09:44:35 2007
--- Log opened dim oct 21 09:44:48 2007
09:44 <vorlon> anyway, the advantage of using requisite for pam_securetty is that if it's *not* a secure tty, the user has no opportunity to type the root password at all
09:44 <vorlon> but apparently there are side effects that don't belong
--- Log closed dim oct 21 09:50:35 2007
--- Log opened dim oct 21 12:19:42 2007
12:19 <bubulle> I don't know if it's a recent change in pam_securetty
12:19 <bubulle> not a change in /etc/pam.d/login for sure