[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: 2nd Qs: proposed description of new pam_unix

Solar Designer wrote:
> This is acceptable if we also do one of:
> 1. Re-check the old password when doing the UPDATE, at least in the
> case when PAM_PRELIM_CHECK wasn't done.

Exactly what I currently implementing, just now. :)

> 2. Document it more explicitly that PAM_PRELIM_CHECK is now security
> critical (it should always be called, and its result should never be
> ignored) in case of other implementations of PAM that may be using our
> set of modules.

Not as serious if module "conforms" to 1., but still yes.

> I just don't like adding a security meaning to a non-security feature.

In the other hand, this feature just almost unused without this
treatment.  It is very unlikely that you can do something useful
in PAM_PRELIM_CHECK -- if some system files are missing, you
will fail auth check in most cases, or at least it is "usual"
administrator's mistake with that we can't deal.  Even in case
with network connection -- while we will be sticking asking
old/new passwords, network may be just shut down.
Locking there also not so useful, as you can lock for a
unnecessary significant amount of time (again, while prompting
user and while he chooses good password...).


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []