-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
Well well. I use two include to ease the upgrade of the package. If a
security parameter must be upgraded, it's done by the install script, rather
than a debconf alert message that could be easily missed.
these two files only contains only one line, you could copy it into your
/etc/pam.d/{gdm,login..} and it will have the same effect than the @include.
I don't this this is a package bug but a layer 8, administrator bug. There
are many ways to misconfigure a system and introduce security holes or
other jokes like that.
Moreover, pam-ssh never intended to be a standalone login system. It aims
to ease ssh key handling, that's it.
You could change "required" by "sufficient" into auth-common, and then no
password will be needed for login. Do you think it's a pam bug too?
Cheers,
Aurelien
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDTWe1cCqFswWbUPcRAnwcAKCLZb3gu8cXpo7n0OOheGQvn9qxYACfcmjT
ytJ3RHDm1jC+R8Me7NQzGVM=
=dAV0
-----END PGP SIGNATURE-----
