Please move this thread to debian-u...@. EOM
-Jim P. On Oct 27, 2010 6:16 PM, "Jordon Bedwell" <jor...@envygeeks.com> wrote: > On 10/27/2010 04:05 PM, Henrique de Moraes Holschuh wrote: >> On Mon, 25 Oct 2010, Michael Loftis wrote: >>> checks prior to this indicate a soft success. If you remove >>> authentication from your system, its expected that any attempt to >>> access will pass, barring and specific denial. >> >> If I remove authentication from my system, I expect it to tell me to get >> lost, as that is the _only_ safe failure scenario. Recovery is supposed to >> be done through single-user mode and sulogin in that case (if you don't have >> a root window already open somewhere, that is). >> >> This fail-unsafe behaviour looks like it is a "feature" of the default >> config being shipped in /etc/pam.d/common-*. I wonder what is the >> justification behind that decision... > > Wait, let me get this right. You have a *server running*, you then > *remove authentication* on said server and then you *expect* the system > to tell everybody to go away? So if that is the case, why would you be > running the server in the first place? An ironic situation... I like > the idea of blaming the system for an administrators lack of competency > when it comes to systems security. > > > -- > To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/4cc89f0b.4090...@envygeeks.com >