Specifically, the current status means that on stretch systems, any accounts relying on the default pam_unix nullok_secure to allow null- password accounts to log in from local terminals only are open to access by anyone who ssh's in and happens to get get pts/0 or pts/1.
_______________________________________________ Pkg-shadow-devel mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel
