There is also a severe and somewhat undocumented security issue fixed by the "user=" parameter added in this commit: https://code.google.com/p/google-authenticator/source/detail?r=c3414e9857ad64e52283f3266065ef3023fc69a8
Without this option, the SECRET file is required to be user-readable which can expose the secret to an attacker under certain configurations (notably when required for `sudo`, but not system login). -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
