[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Including pam_faildelay module in PAM distribution/possible security problem



Bjoern Voigt wrote:
  3. I don't like the hardcoded "sleep" function very much. This is
     especially problematic within GUI programs. A GUI program can not
     react events if it wait's for PAM. Ideally an application could
     register a custom wait/sleep callback function. Unfortunately such
     a new callback would not help to secure unmodified programs.
After looking at the manual page for "pam_fail_delay" and the source code more deeply, I saw, that we already have such faildelay callback functions.

An application programmer could write log entries about failed logins within this callback function before sleeping to avoid the security problem. But does such a solution match the design principles of PAM?

Greetings, Björn


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]