[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

securetty module



Elliot was kind enough to write a securetty module.  It seems to work.
He added a check that isn't normally done: if the /etc/securetty file
is world-writable or not a normal file, the securetty module returns
failure.  We think that's a good idea.  We kind of liked the idea of
failing if the securetty module was invoked but the /etc/securetty
file was missing, but that is an incompatibility with normal securetty
handling that is likely to cause people problems with a system that
comes with PAM and securetty enabled by default -- they will get old
docs that say that you can disable securetty by removing the file, and
they will try, and then they won't be able to log in.  Enough people
do that to make it worth supporting that "fucntionality", even though
it isn't the most PAM-centric behaviour...

The patch will go up on our ftp site within a day or two.  Anyone who
wants to look it over now should feel more than free to send either of
us an email and ask for it.

michaelkjohnson

"Ever wonder why the SAME PEOPLE make up ALL the conspiracy theories?"




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []