Vincent Deffontaines <[EMAIL PROTECTED]>:
> Marek Kubica wrote:
> > On Thu, 4 Sep 2008 13:25:13 +0100
> > Paweł Krzywicki <[EMAIL PROTECTED]> wrote:
> >
> >>> the solution was as Cerbelle said. Login as a normal user and do
> >>> sudo ( or you can activate root login from the login menu; but I
> >>> personally consider it really dangerous!)
> >> I am wondering why this is dangerous?
> >> If your password is seen as "strong" "FaG34#fCFD12drtfdg" something
> >> like this for example why this is dangerous?
> >
> > The point is, that 1) not too many people use strong passwords 2)
> > having root access allowed makes it [easier] to break in, since the
> > username is known as it is always "root". User-accounts might be named
> > pawel, pawelk, krzywicki or be completely unknown for the attacker.
>
> Even though this principle is true, it seems to me it is not in
> application on every system.
>
> Try to login on any Lenny box console with an invalid account.
> You will get "Incorrect login" without being prompted for a
> password at all.

What? And you get a shell prompt?!?

> I tend to consider this as a quite bad bug, but it seems it has
> been so for a while in Lenny, and even in upstream PAM.

reportbug, search bugs.debian.org, ask in [EMAIL PROTECTED], ...

The "What?!?" was meant seriously. The closest I've come to running
Testing is Sidux which is Sid based, so I can't easily verify this.
I find it's difficult to believe that Lenny really does this, but what
do I know? Can anyone confirm?

--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
- - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.