Re: Any Account Logs In With Any Password
On Wed, Oct 27, 2010 at 05:22:26PM -0400, Brad Tilley wrote:
> I felt the same way. I understand that I removed authentication by
> accidentally commenting out that line, but I thought that would cause
> authentication to fail. Obviously, authentication is not succeeding,
> it's just that authentication is not happening at all and you can type
> anything and get a shell on the remote system (provided you know a user
> name). In short, that behavior surprised me.
I disagree: if authentication was removed from a system (regardless of
whether by accident or not), I would expect the result to be a system
with no authentication. Not a system in which authentication had become
Perhaps a comment above the line, warning that removing that line removes
the requirement of authentication?