[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM questions (fwd)


I asked the guy at Sun who is doing their PAM implementation about
delays. Here is his reply. An extra module gets around this, but in a
perfect world I think I would opt for a libpam maintained function
availible to the modules of the form pam_set_duration(XXX) where XXX
is the *minimum* time that a call to libpam would take. This way there
would only be a single delay for all modules encountered, and it can
be set by modules individually or by a custom module....



Charlie Lai wrote:
> From charlie@caribe-85.Eng.Sun.COM  Tue Jun 25 08:24:31 1996
> Date: Tue, 25 Jun 1996 08:24:19 -0700

> > Have you thought about "delays" after incorrect password entry?
> our login app looks something like this:
> if (retry < MAX_RETRIES) {
> 	retval = pam_authenticate();
> 	if (retval != PAM_SUCCESS) {
> 		retry++;
> 		sleep();
> 	}
> }
> so the sleep is in the application.
> we originally had the sleep in the modules, but when we
> stacked 3 modules together, the sleep became unbearably long.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []