
Re: large delays on failed authentication



Ingo Luetkebohle wrote:
> I still have one suggestion to make, though: The delay should not be used
> when the user is unknown to PAM. That case suggests a user error, as
> opposed to a hacking attempt.

No, the delay should not provide any information about the availability (or
not) of accounts on a system. This is known as a covert channel of
information and the point of implementing pam_fail_delay was to avoid such
things.

[I will add an option to pam_pwdb to not use the delay mechanism. I do not
recommend making use of it, but at least then people can make up their own
mind!]

Cheers

Andrew

PS. All modules causing failure delays should use pam_fail_delay(). Any
other mechanism defeats the point of having a function like this, and will
also lead to the delays being added up -- something that may prove
unacceptable (not to mention insecure) from the user's point of view.

-- 
               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
                  http://parc.power.net/morgan/index.html
       [ For those that prefer FTP  ---  ftp://ftp.lalug.org/morgan ]
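The two points made in the message above (an unknown user must not be distinguishable from a wrong password by timing, and modules that sleep on their own add up while pam_fail_delay() requests do not) are easier to see side by side. The C program below is an added example; it is not code from this thread or from Linux-PAM. It models the documented pam_fail_delay(3) behaviour (libpam records the longest delay any module requested and applies that one value, randomized, once at the end of pam_authenticate() on failure) with a hypothetical pam_handle_model / model_pam_fail_delay() pair in place of pam_handle_t and pam_fail_delay(), so it runs without libpam. The account table, the 2 s delay figure, the three-module stack and the test inputs are constructed for the example; in a real module the same call is pam_fail_delay(pamh, usec) from pam_sm_authenticate() with <security/pam_modules.h> and -lpam.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Linux-PAM return codes used below (same numeric values as _pam_types.h). */
enum { PAM_SUCCESS = 0, PAM_AUTH_ERR = 7, PAM_USER_UNKNOWN = 10 };

/* Delay a module requests on failure; 2 s is a constructed figure for this example. */
#define FAIL_DELAY_USEC 2000000u

/* Hypothetical stand-in for pam_handle_t: the per-handle bookkeeping libpam keeps. */
typedef struct {
    unsigned longest_fail_delay_usec; /* largest pam_fail_delay() request so far */
    unsigned direct_sleep_usec;       /* time modules burned by sleeping on their own */
} pam_handle_model;

/* Model of pam_fail_delay(3): remember only the longest requested delay. libpam
   applies that single value (with random jitter, not modelled here) once, after
   the whole stack has run, and only if authentication failed. */
static int model_pam_fail_delay(pam_handle_model *pamh, unsigned usec)
{
    if (usec > pamh->longest_fail_delay_usec)
        pamh->longest_fail_delay_usec = usec;
    return PAM_SUCCESS;
}

/* Constructed account table standing in for the password database. */
typedef struct { const char *user; const char *password; } account;
static const account accounts[] = { {"alice", "correct horse"}, {"bob", "hunter2"} };

static const account *lookup(const char *user)
{
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (strcmp(accounts[i].user, user) == 0)
            return &accounts[i];
    return NULL;
}

typedef int (*module_fn)(pam_handle_model *, const char *, const char *);

/* The behaviour proposed in the quoted suggestion: no delay for an unknown user,
   and a private sleep on a bad password. Timing alone now tells a caller which
   usernames exist, and every module in the stack adds its own sleep. */
static int auth_leaky(pam_handle_model *pamh, const char *user, const char *pw)
{
    const account *a = lookup(user);
    if (a == NULL)
        return PAM_USER_UNKNOWN;                    /* returns at once: the covert channel */
    if (strcmp(a->password, pw) != 0) {
        pamh->direct_sleep_usec += FAIL_DELAY_USEC; /* stands in for usleep() inside the module */
        return PAM_AUTH_ERR;
    }
    return PAM_SUCCESS;
}

/* What the reply asks for: every failure path requests the same delay through
   pam_fail_delay(), so unknown user and wrong password look alike by timing,
   and three modules each requesting 2 s still cost 2 s in total. */
static int auth_uniform(pam_handle_model *pamh, const char *user, const char *pw)
{
    const account *a = lookup(user);
    bool ok = a != NULL && strcmp(a->password, pw) == 0;
    if (ok)
        return PAM_SUCCESS;
    model_pam_fail_delay(pamh, FAIL_DELAY_USEC);
    /* The return code still differs; the application must not echo it to the client. */
    return a == NULL ? PAM_USER_UNKNOWN : PAM_AUTH_ERR;
}

/* Run a stack of "required" modules (all run, first failure is kept), then apply
   the recorded fail delay once, as libpam does at the end of pam_authenticate().
   Returns the total delay an attacker observes in microseconds; *rc, if non-NULL,
   receives the stack result. */
static unsigned run_stack(const module_fn *mods, size_t n, const char *user,
                          const char *pw, int *rc)
{
    pam_handle_model pamh = {0, 0};
    int result = PAM_SUCCESS;
    for (size_t i = 0; i < n; i++) {
        int r = mods[i](&pamh, user, pw);
        if (r != PAM_SUCCESS && result == PAM_SUCCESS)
            result = r;
    }
    if (rc)
        *rc = result;
    return pamh.direct_sleep_usec +
           (result == PAM_SUCCESS ? 0 : pamh.longest_fail_delay_usec);
}

/* Three copies of each module: a stack with several delay-capable modules. */
static unsigned observed_delay_leaky(const char *user, const char *pw, int *rc)
{
    const module_fn stack[] = { auth_leaky, auth_leaky, auth_leaky };
    return run_stack(stack, 3, user, pw, rc);
}

static unsigned observed_delay_uniform(const char *user, const char *pw, int *rc)
{
    const module_fn stack[] = { auth_uniform, auth_uniform, auth_uniform };
    return run_stack(stack, 3, user, pw, rc);
}

int main(void)
{
    const char *cases[][2] = { {"alice", "wrong"}, {"mallory", "wrong"}, {"alice", "correct horse"} };
    for (size_t i = 0; i < 3; i++) {
        int rc_l, rc_u;
        unsigned dl = observed_delay_leaky(cases[i][0], cases[i][1], &rc_l);
        unsigned du = observed_delay_uniform(cases[i][0], cases[i][1], &rc_u);
        printf("%-8s %-14s own sleep: %u us (rc %d)   pam_fail_delay: %u us (rc %d)\n",
               cases[i][0], cases[i][1], dl, rc_l, du, rc_u);
    }
    return 0;
}
```

With the leaky module an unknown user ("mallory") fails in 0 us while a known user with a bad password costs 6 s across the three modules; with the uniform module both failures cost exactly one 2 s delay and success costs none, which is the property the reply insists on. The model leaves out the random jitter libpam adds to the applied delay and does not address the distinct PAM_USER_UNKNOWN return code, which the calling application must fold into a generic failure message.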


