[Pkg-shadow-devel] Bug#731656: Please disable securetty by default
Alan Jenkins
alan.christopher.jenkins at gmail.com
Mon Jan 15 11:51:07 UTC 2018
On Thu, 19 Jan 2017 18:20:17 +0100 Balint Reczey
<balint at balintreczey.hu> wrote:
> Control: tags -1 confirmed
>
> Hi Josh,
>
> On Sat, 07 Dec 2013 15:13:28 -0800 Josh Triplett <josh at joshtriplett.org>
> wrote:
> > Package: login
> > Version: 1:4.1.5.1-1
> > Severity: wishlist
> >
> > securetty dates back to the days when people still logged into systems
> > via telnet and rlogin. These days, remote access occurs via SSH, which
> > has its own configuration mechanism to determine whether to allow root
> > logins (including more flexible approaches such as disallowing root
> > logins by password but allowing them by key). And any local TTY should
> > be considered a securetty by definition. Thus, I don't think securetty
> > has any value anymore as part of the default configuration of login. I
> > would suggest removing it by default.
>
> I will look into that in the Buster cycle, this change would be too
> intrusive now.
>
> Cheers,
> Balint
Hi
I recently ran a stretch->unstable upgrade, and noticed some
modification to securetty (conffile conflict v.s. my deletion of
/etc/securetty).
Can I ask if we've missed the boat for Buster, or is it still a
possibility to get securetty removed from the pam config?
I understand making any change to PAM configs can be pretty
nerve-wracking :).
Thanks
Alan
More information about the Pkg-shadow-devel
mailing list