Re: Any Account Logs In With Any Password

On Mon, Oct 25, 2010 at 05:16:51PM -0400, Brad Tilley wrote:
> While experimenting with PCI DSS on a default Debian Linux system, I
> found that when I comment out this line:
> auth    required        pam_unix.so nullok_secure
> in /etc/pam.d/common-auth, any account may ssh into the box by typing
> anything as the password. Is this the desired behavior? I would think
> that it would fail by default.

If no authentication modules are 'required', then no authentication is
required.  Makes sense to me.


Attachment: signature.asc
Description: Digital signature
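
An added example, not part of the original thread: a small Python audit that resolves a service's PAM `auth` stack and reports whether an enforcing credential check is still present after an edit like the one described above. The `sshd` file contents, the `verifiers` policy list and all function names are assumptions constructed for illustration.

```python
import re

ENFORCING = {"required", "requisite"}  # controls whose failure fails the stack

def auth_stack(files, name, seen=()):
    """Return the active (control, module) 'auth' entries of a /etc/pam.d file,
    following Debian-style '@include' lines. `files` maps file name -> text."""
    entries = []
    text = files.get(name, "").replace("\\\n", " ")      # join continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()               # commented-out lines vanish
        if not line:
            continue
        if line.startswith("@include"):
            target = line.split()[1]
            if target not in seen:                        # guard against include loops
                entries += auth_stack(files, target, seen + (name,))
            continue
        # type, control (keyword or [bracketed] form), module path
        m = re.match(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)", line)
        if m and m.group(1) == "auth":
            entries.append((m.group(2), m.group(3).rsplit("/", 1)[-1]))
    return entries

def audit(files, service, verifiers=("pam_unix.so",)):
    """Classify a service's auth stack. `verifiers` is a site policy list of
    modules expected to check credentials (an assumption of this example)."""
    stack = auth_stack(files, service)
    hits = [control for control, module in stack if module in verifiers]
    if any(control in ENFORCING for control in hits):
        status = "enforced"
    elif hits:
        status = "review"    # sufficient/optional/[...] controls need a human look
    else:
        status = "missing"   # no credential check left in the stack
    return {"service": service, "stack": stack, "status": status}

# Constructed sample input: the common-auth line quoted in the post, before and
# after it is commented out. The sshd file is a made-up minimal service file.
BEFORE = {
    "sshd": "auth required pam_env.so\n@include common-auth\naccount required pam_unix.so\n",
    "common-auth": "auth    required        pam_unix.so nullok_secure\n",
}
AFTER = dict(BEFORE, **{"common-auth": "#auth    required        pam_unix.so nullok_secure\n"})

if __name__ == "__main__":
    for label, files in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(files, "sshd"))
```

Running a check like this against `/etc/pam.d` after each change catches a stack left without a credential check before the change reaches a host that accepts remote logins.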
