On Mon, 25 Oct 2010, Michael Loftis wrote:
> checks prior to this indicate a soft success. If you remove
> authentication from your system, it's expected that any attempt to
> access will pass, barring any specific denial.

If I remove authentication from my system, I expect it to tell me to get lost, as that is the _only_ safe failure scenario. Recovery is supposed to be done through single-user mode and sulogin in that case (if you don't have a root window already open somewhere, that is).

This fail-unsafe behaviour looks like it is a "feature" of the default config being shipped in /etc/pam.d/common-*. I wonder what is the justification behind that decision...

--
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
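
The fail-open versus fail-closed distinction argued in this message, as an added example that is not part of the original post or of Debian's packaging: a simplified Python model of how a Linux-PAM `auth` stack reaches a verdict, used to ask whether a stack still grants access once every real check fails or has been removed. The stacks are constructed for illustration and are not the contents of /etc/pam.d/common-*; the model assumes a numeric jump records no vote and that bracketed controls carry an explicit `default=`.

```python
# Keyword controls as (action when the module succeeds, action otherwise).
KEYWORDS = {"required": ("ok", "bad"), "requisite": ("ok", "die"),
            "sufficient": ("done", "ignore"), "optional": ("ok", "ignore")}
TRIVIAL = {"pam_permit.so": True, "pam_deny.so": False}  # fixed results

def parse(line):
    """Split 'auth <control> <module> [args]' into (on_success, on_other, module)."""
    rest = line.split(None, 1)[1]
    if rest.startswith("["):
        ctl, rest = rest[1:].split("]", 1)
        opts = dict(kv.split("=") for kv in ctl.split())
        on_ok, on_other = opts.get("success", opts["default"]), opts["default"]
    else:
        ctl, rest = rest.split(None, 1)
        on_ok, on_other = KEYWORDS[ctl]
    return on_ok, on_other, rest.split()[0]

def evaluate(stack, real_checks_pass):
    """Return True if the stack grants access (simplified dispatch model)."""
    verdict, skip = None, 0  # None: no module has voted yet
    for line in stack:
        if skip:
            skip -= 1
            continue
        on_ok, on_other, module = parse(line)
        passed = TRIVIAL.get(module, real_checks_pass)
        action = on_ok if passed else on_other
        if action.isdigit():  # jump over N modules; assumed to record no vote
            skip = int(action)
        elif action in ("ok", "done"):
            if verdict is None:
                verdict = passed
            if action == "done" and verdict:
                break
        elif action in ("bad", "die"):
            verdict = False
            if action == "die":
                break
    return verdict is True  # a stack where nothing voted is a denial

def fails_open(stack):
    """True if access is granted although every real check fails or is absent."""
    return evaluate(stack, real_checks_pass=False)

# Constructed stacks, not copied from any distribution's files.
WITH_AUTH = ["auth [success=1 default=ignore] pam_unix.so",
             "auth requisite pam_deny.so",
             "auth required pam_permit.so"]
AUTH_REMOVED_PERMIT_ONLY = ["auth required pam_permit.so"]
AUTH_REMOVED_DENY_FIRST = ["auth requisite pam_deny.so", "auth required pam_permit.so"]
```

Running `fails_open()` over each service's effective stack after a configuration change flags the case the message objects to: a stack whose only remaining vote comes from `pam_permit.so`.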