On 10/27/2010 04:05 PM, Henrique de Moraes Holschuh wrote:
> On Mon, 25 Oct 2010, Michael Loftis wrote:
>> checks prior to this indicate a soft success. If you remove
>> authentication from your system, it's expected that any attempt to
>> access will pass, barring any specific denial.
>
> If I remove authentication from my system, I expect it to tell me to get
> lost, as that is the _only_ safe failure scenario. Recovery is supposed to
> be done through single-user mode and sulogin in that case (if you don't have
> a root window already open somewhere, that is).
>
> This fail-unsafe behaviour looks like it is a "feature" of the default
> config being shipped in /etc/pam.d/common-*. I wonder what is the
> justification behind that decision...

Wait, let me get this right. You have a *server running*, you then *remove authentication* on said server and then you *expect* the system to tell everybody to go away? So if that is the case, why would you be running the server in the first place?

An ironic situation... I like the idea of blaming the system for an administrator's lack of competency when it comes to systems security.