On Thu, Sep 01, 2005 at 04:58:27PM +1000, Nick Hoffman wrote: > In /etc/pam.d/common-auth I found the following line: > auth required pam_unix.so nullok_secure > Neither manpages, docs, or Google have anything to say about the nullok_secure > option. If anyone could shed some light on it, that would be great. Given that this is a Debian-specific patch which has not yet been submitted upstream (that's on my TODO list after getting a newer upstream version than 0.76 into Debian unstable...), your odds would have been better asking the Debian package maintainer, FWIW. :) Since I happened to catch your message, though, I might as well answer here. The nullok_secure option was added to support passwordless pam_unix logins only from ttys listed in /etc/securetty. It was added because nullok was not considered an appropriate option to configure for all services, but there was a need to support passwordless root logins on tty2 on newly installed Debian systems when base-config has not yet been run to configure a root password. Cheers, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. vorlon@xxxxxxxxxx http://www.debian.org/
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
