
Re: Any Account Logs In With Any Password



Please move this thread to debian-user@.  EOM

-Jim P.

On Oct 27, 2010 6:16 PM, "Jordon Bedwell" <jordon@envygeeks.com> wrote:
> On 10/27/2010 04:05 PM, Henrique de Moraes Holschuh wrote:
>> On Mon, 25 Oct 2010, Michael Loftis wrote:
>>> checks prior to this indicate a soft success. If you remove
>>> authentication from your system, it's expected that any attempt to
>>> access will pass, barring any specific denial.
>>
>> If I remove authentication from my system, I expect it to tell me to get
>> lost, as that is the _only_ safe failure scenario. Recovery is supposed to
>> be done through single-user mode and sulogin in that case (if you don't have
>> a root window already open somewhere, that is).
>>
>> This fail-unsafe behaviour looks like it is a "feature" of the default
>> config being shipped in /etc/pam.d/common-*. I wonder what is the
>> justification behind that decision...
>
> Wait, let me get this right. You have a *server running*, you then
> *remove authentication* on said server and then you *expect* the system
> to tell everybody to go away? So if that is the case, why would you be
> running the server in the first place? An ironic situation... I like
> the idea of blaming the system for an administrator's lack of competency
> when it comes to systems security.
>
>
> Archive: http://lists.debian.org/4CC89F0B.4090804@envygeeks.com
>
