On Thu, Jan 04, 2007 at 10:05:57PM -0500, Joshua Brindle wrote:
> Hardcoding types into code makes it inflexible to policy changes, this
> is a bad idea IMO, the tty whitelist, however, is probably the way to
> go. I don't know if we should use the existing /etc/securetty or add
> our own file though.

I'm not sure if the existing /etc/securetty is the right one, since people may make serial terminals available to users but would not want direct root login on those. Well, maybe not terribly likely these days.

Instead of hardcoded types, how about a configurable type or a /etc/securettytypes file that contains the types instead of tty names?

-Klaus

--
redhat-lspp mailing list
https://www.redhat.com/mailman/listinfo/redhat-lspp
