On Oct 27, 2010 6:16 PM, "Jordon Bedwell" <firstname.lastname@example.org
> On 10/27/2010 04:05 PM, Henrique de Moraes Holschuh wrote:
>> On Mon, 25 Oct 2010, Michael Loftis wrote:
>>> checks prior to this indicate a soft success. If you remove
>>> authentication from your system, its expected that any attempt to
>>> access will pass, barring and specific denial.
>> If I remove authentication from my system, I expect it to tell me to get
>> lost, as that is the _only_ safe failure scenario. Recovery is supposed to
>> be done through single-user mode and sulogin in that case (if you don't have
>> a root window already open somewhere, that is).
>> This fail-unsafe behaviour looks like it is a "feature" of the default
>> config being shipped in /etc/pam.d/common-*. I wonder what is the
>> justification behind that decision...
> Wait, let me get this right. You have a *server running*, you then
> *remove authentication* on said server and then you *expect* the system
> to tell everybody to go away? So if that is the case, why would you be
> running the server in the first place? An ironic situation... I like
> the idea of blaming the system for an administrators lack of competency
> when it comes to systems security.
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact email@example.com
> Archive: 4CC89F0B.firstname.lastname@example.org