[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: printing messages




> Thorsten Kukuk wrote:
> > My problem is: pam_keylogin will always print the warning, but I would
> > like to see the warning only, if the user is logged in correctly, not 
> > if the password is wrong.
> > Or isn't this possible, so that I have to call pam_keylogin always
> > after pam_unix_auth or pam_pwdb ?
> 
> Two choices, place pam_keylogin after all the other ones (as you've said)

This will not work:

voyager login: root
Password:
Can't find unix.voyager@uni-paderborn.de's secret key
Login incorrect

It's easy for a hacker to look, if the login exists and only the
password is wrong. Or is there a way, that pam_keylogin could look,
if there was a module before with PAM_SUCCESS ?
(For normal users, you will get something back like
unix.506@uni-paderborn.de, where 506 is the user id.

> or use a data_item (like a cookie) to provide a "closing down" hook to the
> module.  If you look at the way that pam_pwdb logs warnings about failed
> password attempts, you will see an example of this.

I will look at it when I have time.

  Thorsten

-- 
Thorsten Kukuk  kukuk@vt.uni-paderborn.de
                http://www-vt.uni-paderborn.de/~kukuk
Linux is like a Vorlon.  It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []