15 Nov
2005
15 Nov
'05
14:02
Jurzitza, Dieter schrieb:
Nevertheless I cannot see a good reason to use 5 min password asking timeout as the default - I think that 0 min would be appropriate - whoever needs it shorter, can set it accordingly - but on his / her own risk. I think it would be a good policy for SuSE to change this as it is a risk that is adjustable and leaks should - IMHO - not be open as default.
Read the paragraph in "man sudo" about security, if you then come up with a certain exploit scenario, you will find open ears, I'm sure. Ciao Siegbert