Comment 3 for bug 1033899
Revision history for this message
| Francis Pereira (francispereira) wrote | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Hi Thomas,
The new PAM rule allows a user to execute remote API commands when the uses is a member of group root or xapi ( if uncommented ). This is expected behavior when the user is logged in on a terminal but when authenticating via the HTTP API (connecting via XenCenter) this PAM rule allows anyone to login and execute commands as root without a password
Francis