Bug#561448: libpam-alreadyloggedin: Fake sense of security?

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#561448: libpam-alreadyloggedin: Fake sense of security?
From: Frank Lin PIAT <fpiat@klabs.be>
Date: Thu, 17 Dec 2009 09:59:21 +0100
Message-id: <[🔎] 20091217085921.14118.81469.reportbug@solid.paris.klabs.be>
Reply-to: Frank Lin PIAT <fpiat@klabs.be>, 561448@bugs.debian.org

Package: libpam-alreadyloggedin
Version: 0.3-1
Severity: important

Hello,

I am seriously concerned by the fake sense of security that such tool
provides (I must say that some other pam modules are scarry).

For instance, using vlock and libpam-alreadyloggedin on the same machine
provides the same level of security as a blank password, if not less.

As of 2009, where most people use either XWindow/ssh/screen, I see little
benefit using this tool (YMMV).

Please, add appropriate warning to this package description and README.

Thank you for your effort.

Franklin

BTW, It is recommended to submit an ITP bug before uploading a new
package in the archive, so other DDs can provide feed-back.

Reply to:

Prev by Date: Bug#561443: ITP: linuxsampler -- realtime audio sampler
Next by Date: Re: ITA: dict-gcide
Previous by thread: Bug#561443: ITP: linuxsampler -- realtime audio sampler
Next by thread: Bug#561349: Processed: Re: Bug#561349: Login Credentials not honoured
Index(es):
- Date
- Thread