[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: nullok_secure option



On Thu, Sep 01, 2005 at 04:58:27PM +1000, Nick Hoffman wrote:
> In /etc/pam.d/common-auth I found the following line:

> auth  required        pam_unix.so nullok_secure

> Neither manpages, docs, or Google have anything to say about the nullok_secure 
> option. If anyone could shed some light on it, that would be great.

Given that this is a Debian-specific patch which has not yet been
submitted upstream (that's on my TODO list after getting a newer
upstream version than 0.76 into Debian unstable...), your odds would
have been better asking the Debian package maintainer, FWIW. :)  Since I
happened to catch your message, though, I might as well answer here.

The nullok_secure option was added to support passwordless pam_unix
logins only from ttys listed in /etc/securetty.  It was added because
nullok was not considered an appropriate option to configure for all
services, but there was a need to support passwordless root logins on
tty2 on newly installed Debian systems when base-config has not yet
been run to configure a root password.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon debian org                                   http://www.debian.org/

Attachment: signature.asc
Description: Digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]