bug or feature?

nosp nosp at xades.com
Fri Dec 5 17:44:13 UTC 2003


On Fri, 2003-12-05 at 17:13, Christoph Wickert wrote:
> 
> But what do you think about thins: As normal user I started
> redhat-config-network and logged out a little later without exiting it.
> Direcly logged in (I needed to restart the X server) again and
> redhat-config-network was restored WITHOUT ASKING FOR A PASSWORD!!!
> 
> This is a massive security problem I think!

The PAM authentication that allowed you access the first time is cached
for a period of time.  If you start a second r-c-n job within that time
period you won't get prompted for a password again.





More information about the fedora-list mailing list