[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Any Account Logs In With Any Password

While experimenting with PCI DSS on a default Debian Linux system, I
found that when I comment out this line:

auth    required        pam_unix.so nullok_secure

in /etc/pam.d/common-auth, any account may ssh into the box by typing
anything as the password. Is this the desired behavior? I would think
that it would fail by default.

Reply to: