nullok_secure option
Steve Langasek
vorlon at debian.org
Thu Sep 1 07:09:24 UTC 2005
On Thu, Sep 01, 2005 at 04:58:27PM +1000, Nick Hoffman wrote:
> In /etc/pam.d/common-auth I found the following line:
> auth required pam_unix.so nullok_secure
> Neither manpages, docs, or Google have anything to say about the nullok_secure
> option. If anyone could shed some light on it, that would be great.
Given that this is a Debian-specific patch which has not yet been
submitted upstream (that's on my TODO list after getting a newer
upstream version than 0.76 into Debian unstable...), your odds would
have been better asking the Debian package maintainer, FWIW. :) Since I
happened to catch your message, though, I might as well answer here.
The nullok_secure option was added to support passwordless pam_unix
logins only from ttys listed in /etc/securetty. It was added because
nullok was not considered an appropriate option to configure for all
services, but there was a need to support passwordless root logins on
tty2 on newly installed Debian systems when base-config has not yet
been run to configure a root password.
Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon at debian.org http://www.debian.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/pam-list/attachments/20050901/4ad941e7/attachment.sig>
More information about the Pam-list
mailing list