Bjoern Voigt wrote:
Now my question are:
* Which PAM configuration file in /etc/pam.d is used for single user / rescue mode of SystemD? To answer my own questions:
"sulogin" is used in single user / rescue mode. Some documents say, that "sulogin" does not use PAM at all, e.g. http://www.fifi.org/doc/libpam-doc/html/pam-5.html
* Is it possible to login another user except "root"? Normally only the password for "root" is accepted. Probably not without hacking the sulogin source code.
As a result, if an attacker already knows the root password, but has no access to the OTP generating device, he can boot into single user / rescue mode and there he can login with the known root password. Of course this works only with local access to the computer and local access isn't often highly secured (closed root, BIOS password, hard disk encryption, boot loader password etc.) Greetings, Björn -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org