reopen 531341 severity 531341 grave thanks > * debian/login.pam: pam_securetty included as a required module instead of > requisite to avoid leak of user name information. Closes: #531341
Please revert this change. The 'requisite' module is necessary to prevent exposure of the root password over insecure channels - such as telnet, but also including unencrypted XDMCP connections. root users should never have the opportunity to type their password when the tty is not secure. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ [email protected] [email protected]
signature.asc
Description: Digital signature
