[Pkg-shadow-devel] Bug#531341: prints "login incorrect" without asking for password when entering an invalid login

Steve Langasek vorlon at debian.org
Wed Sep 2 08:32:17 UTC 2009

reopen 531341
severity 531341 grave

> * debian/login.pam: pam_securetty included as a required module instead of
>     requisite to avoid leak of user name information. Closes: #531341

Please revert this change.  The 'requisite' module is necessary to prevent
exposure of the root password over insecure channels - such as telnet, but
also including unencrypted XDMCP connections.  root users should never have
the opportunity to type their password when the tty is not secure.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20090902/789e0ec0/attachment.pgp>

More information about the Pkg-shadow-devel mailing list