-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greg Folkert wrote:
>> Keyboard-only access (where the hardware is in a secure cage) when >> the attacker does not know the root password leaves you in the same >> position as if he were telneting in. > > VERY FEW places do this anymore. And in any case I said "touch the > keyboard and have physical access to the machines internals" I do realize that you can break any security in a certain amount of time, but that is really not the point. The point is that the installer option is misleading. It says that it will disable root logins, and does exactly the opposite - it enables passwordless root login. I also strongly disagree that this is not a security concern. It is like not locking your car because it is easy to break a window and open the door from inside. After all, there is nothing you can do to prevent someone from getting into your car if one can get near it. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGKmtRztOe9mov/y4RAqT2AJ9Fp14ISieBovkNbfQFdz09PVW0eACfesce 0/XJF9HmR47MDtkzy3/qq58= =fv+z -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
