Open Port Indicator?
Arwyn Hainsworth
arwynh+ubuntu at gmail.com
Thu Mar 15 12:37:03 UTC 2007
On 15/03/07, Soren Hansen <sh at linux2go.dk> wrote:
> On Thu, Mar 15, 2007 at 10:23:32AM +0900, Arwyn Hainsworth wrote:
> > >I've always thought that the option of just giving any user access
> > >without authentication is broken and should be removed. Something
> > >like what happened to this user was bound to happen sooner or later
> > >and I can't think up a use case that justifies its presence. Can any
> > >of you?
> > I had a friend once who kept his home PC on so that he could log in
> > via remote desktop from work. IMHO that's a perfectly normal use case,
> > so it should be possible to log in without local user intervention and
> > removing that ability would be a mistake.
>
> An he can't remember a simple password?
I think you are misunderstanding my point or I was misunderstanding yours.
Some form of authentication should be required. It can be either
password authentication, public/private key authentication, direct
user intervention or a mixture of 2 or 3 of the above. Providing at
least one method of authentication is active I see no problem, however
I do agree that allowing remote connection without any form of
authentication is a security flaw and should not be possible.
After checking Preferences->Remote_Desktop it does indeed seem to be
possible to disable all forms of authentication. Not good.
Arwyn
More information about the Ubuntu-devel-discuss
mailing list