[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Behavior of module that support /etc/nologin

Steve \"Stevers!\" Coile wrote:
> But if the contents of /etc/nologin (if any) are displayed if (and
> only if) the user enters a correct username and password, you've just
> given away that the username/password combination is correct, even if
> the attacker hasn't gained shell account because of the (presumably
> temporary) login restriction.  It seems to me that, in order to be

This is not the behavior I see.  I guess you are sticking with older

I am using SimplePAMApps-0.54-1, pam-0.57-5 and pwdb-0.54-7.  The following
/etc/pam.d/login file yields exactly the behavior I indicated previously:

#[For version 1.0 syntax, the above header is optional]
# The PAM configuration file for the `login' service
auth       required   pam_pwdb.so
auth       required   pam_nologin.so
auth       optional   pam_group.so
auth       optional   pam_mail.so
account    requisite  pam_time.so
account    required   pam_pwdb.so
session    required   pam_pwdb.so
session    optional   pam_lastlog.so \
password   required   pam_cracklib.so \
password   required   pam_pwdb.so \

I hope this helps

               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
       [ For those that prefer FTP  ---  ftp://ftp.lalug.org/morgan ]

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []