Once upon a time, Paul Wouters <paul@xxxxxxxxx> said: > On Wed, 9 Apr 2014, Chris Adams wrote: > >Once upon a time, Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> said: > >>On Wed, Apr 09, 2014 at 10:20:36PM +0200, Lennart Poettering wrote: > >>[technical reasoning snipped] > >>>Hence: please let's just remove securetty entirely from the default PAM > >>>stacks. It's annoying, it creates a false sense of security, it's a > >>>relict of a different time and not compatible with modern device > >>>management, hotplug, containers, and so on! > >> > >>That makes sense to me. And unlike tcpwrappers, it's just a runtime config > >>file change to put back for cases where it's wanted. > > > >Yeah, I think that's a decent way forward. AFAIK the securetty thing > >right now only affects console terminals > > As long as it does not lock out root from kvm/uml console/serial logins. The proposal is to remove the securetty thing, which would remove any TTY check. root would be allowed on any TTY by default. -- Chris Adams <linux@xxxxxxxxxxx> -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
