tech-security: Re: login allows login without password

Subject: Re: login allows login without password
To: John Nemeth <jnemeth@victoria.tc.ca>
From: Patrick Welche <prlw1@newn.cam.ac.uk>
List: tech-security
Date: 05/05/2007 17:28:30

On Sat, May 05, 2007 at 02:53:55AM -0700, John Nemeth wrote:
>      We got PAM from FreeBSD.  Looking at http://cvsweb,freebsd.org/ ,
> I see that they still use pam_self.so.  This is a change in behaviour
> from pre-PAM.  Changing it now would be a change in behaviour from the
> way it currently works (and the way it works on FreeBSD).  However, it
> would be restoring traditional behaviour and you make some good
> points.  I'll wait a few days and if nobody yells, I'll make the change
> you suggest.

It would indeed be restoring pre-PAM behaviour:

% uname -r
4.99.19
% grep -i pam /etc/mk.conf
MKPAM=no
% login
login: 
login: 
login: 
login: 
login: 
login: 
login: prlw1
Password:
Login incorrect or refused on this terminal.
login: