[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pwdb breakage



One more related problem with pam_pwdb -- if a user's entry in /etc/passwd
has a * (note: NOT an x), and the /etc/shadow entry is blank, the user,
rather than being locked out, is let in without being queried for a password
(assuming null_ok is set).

This is a security hole.  So, do I get my name on the web page as someone
who has broken pam, and therefore deserves respect?  :-)

michaelkjohnson

"Magazines all too frequently lead to books and should be regarded by the
 prudent as the heavy petting of literature."            -- Fran Lebowitz




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []