diff --git a/login.pamd b/login.pamd index 13df590..93fc60e 100644 --- a/login.pamd +++ b/login.pamd @@ -1,6 +1,5 @@ #%PAM-1.0 auth requisite pam_nologin.so -auth [user_unknown=ignore success=ok ignore=ignore auth_err=die default=bad] pam_securetty.so auth include common-auth account include common-account password include common-password diff --git a/python-libmount.changes b/python-libmount.changes index 8189eb9..aefa97f 100644 --- a/python-libmount.changes +++ b/python-libmount.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Sat Jan 10 02:24:25 UTC 2015 - jengelh@inai.de + +- Remove pam_securetty.so from /etc/pam.d/login. By definition, + local logins are always secure. Remote logins actually use + /etc/pam.d/remote by way of `/bin/login -h` (such as rlogind). + This solves the problem that root logins are erroneously rejected + when using kmscon(8) or `machinectl login`, because they use + ptys. + ------------------------------------------------------------------- Tue Nov 11 10:57:12 UTC 2014 - schwab@suse.de diff --git a/python-libmount.spec b/python-libmount.spec index a9f3c16..08b1d77 100644 --- a/python-libmount.spec +++ b/python-libmount.spec @@ -1,7 +1,7 @@ # # spec file for package python-libmount # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed diff --git a/util-linux-systemd.changes b/util-linux-systemd.changes index 8189eb9..aefa97f 100644 --- a/util-linux-systemd.changes +++ b/util-linux-systemd.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Sat Jan 10 02:24:25 UTC 2015 - jengelh@inai.de + +- Remove pam_securetty.so from /etc/pam.d/login. By definition, + local logins are always secure. Remote logins actually use + /etc/pam.d/remote by way of `/bin/login -h` (such as rlogind). + This solves the problem that root logins are erroneously rejected + when using kmscon(8) or `machinectl login`, because they use + ptys. + ------------------------------------------------------------------- Tue Nov 11 10:57:12 UTC 2014 - schwab@suse.de diff --git a/util-linux-systemd.spec b/util-linux-systemd.spec index ce65f8b..7fb79f5 100644 --- a/util-linux-systemd.spec +++ b/util-linux-systemd.spec @@ -1,7 +1,7 @@ # # spec file for package util-linux-systemd # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed diff --git a/util-linux.changes b/util-linux.changes index 8189eb9..aefa97f 100644 --- a/util-linux.changes +++ b/util-linux.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Sat Jan 10 02:24:25 UTC 2015 - jengelh@inai.de + +- Remove pam_securetty.so from /etc/pam.d/login. By definition, + local logins are always secure. Remote logins actually use + /etc/pam.d/remote by way of `/bin/login -h` (such as rlogind). + This solves the problem that root logins are erroneously rejected + when using kmscon(8) or `machinectl login`, because they use + ptys. + ------------------------------------------------------------------- Tue Nov 11 10:57:12 UTC 2014 - schwab@suse.de diff --git a/util-linux.spec b/util-linux.spec index 4368b74..802815b 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -1,7 +1,7 @@ # # spec file for package util-linux # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed