Subject: Re: login allows login without password
To: John Nemeth <jnemeth@victoria.tc.ca>
From: Patrick Welche <prlw1@newn.cam.ac.uk>
List: tech-security
Date: 05/05/2007 17:28:30
On Sat, May 05, 2007 at 02:53:55AM -0700, John Nemeth wrote:
> We got PAM from FreeBSD. Looking at http://cvsweb,freebsd.org/ ,
> I see that they still use pam_self.so. This is a change in behaviour
> from pre-PAM. Changing it now would be a change in behaviour from the
> way it currently works (and the way it works on FreeBSD). However, it
> would be restoring traditional behaviour and you make some good
> points. I'll wait a few days and if nobody yells, I'll make the change
> you suggest.
It would indeed be restoring pre-PAM behaviour:
% uname -r
4.99.19
% grep -i pam /etc/mk.conf
MKPAM=no
% login
login:
login:
login:
login:
login:
login:
login: prlw1
Password:
Login incorrect or refused on this terminal.
login: