diff options
author | bubulle <bubulle@5a98b0ae-9ef6-0310-add3-de5d479b70d7> | 2010-03-16 06:59:46 +0000 |
---|---|---|
committer | bubulle <bubulle@5a98b0ae-9ef6-0310-add3-de5d479b70d7> | 2010-03-16 06:59:46 +0000 |
commit | f5e0895b3a8717df16181c305ba60b6b25f072d5 (patch) | |
tree | 5b059390c94e37d90bfebbfa4f5e2dafe5939c36 /debian/login.pam | |
parent | da9a0615de8e2cc69a7e928e81fd18e330c161e1 (diff) | |
download | shadow-f5e0895b3a8717df16181c305ba60b6b25f072d5.tar.gz |
Revert pam_securetty to "requisite"
Diffstat (limited to 'debian/login.pam')
-rw-r--r-- | debian/login.pam | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/debian/login.pam b/debian/login.pam index 65f07d8c..33e48a76 100644 --- a/debian/login.pam +++ b/debian/login.pam @@ -14,11 +14,13 @@ auth optional pam_faildelay.so delay=3000000 # Disallows root logins except on tty's listed in /etc/securetty # (Replaces the `CONSOLE' setting from login.defs) -# Note that it is included as a "required" module. root will be -# prompted for a password on insecure ttys. -# If you change it to a "requisite" module, make sure this does not leak -# user name information. -auth required pam_securetty.so +# Note that it is included as a "requisite" module. No password prompts will +# be displayed if this module fails to avoid having the root password +# transmitted on unsecure ttys. +# You can change it to a "required" module if you think it permits to +# guess valid user names of your system (invalid user names are considered +# as possibly being root). +auth requisite pam_securetty.so # Disallows other than root logins when /etc/nologin exists # (Replaces the `NOLOGINS_FILE' option from login.defs) |