On Wed, 9 Apr 2014, Chris Adams wrote:
Once upon a time, Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> said:
On Wed, Apr 09, 2014 at 10:20:36PM +0200, Lennart Poettering wrote:
[technical reasoning snipped]
Hence: please let's just remove securetty entirely from the default PAM
stacks. It's annoying, it creates a false sense of security, it's a
relict of a different time and not compatible with modern device
management, hotplug, containers, and so on!
That makes sense to me. And unlike tcpwrappers, it's just a runtime config
file change to put back for cases where it's wanted.
Yeah, I think that's a decent way forward. AFAIK the securetty thing
right now only affects console terminals
As long as it does not lock out root from kvm/uml console/serial logins.
Paul
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
