Including pam_faildelay module in PAM distribution

Bjoern Voigt bjoern at cs.tu-berlin.de
Sun Oct 22 13:17:38 UTC 2006


Hello!

For a long time I have missed support for PAM's pam_fail_delay() function
in common Linux applications. For instance, OpenSSH and SUDO don't support
fail delay without special patches.

I discussed this problem already with the OpenSSH developers:

    http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=112166069618320&w=2

The PAM module pam_faildelay

    http://www.zip.com.au/~dtucker/patches/#pam_faildelay

solves the problem with Linux applications which do not have their own
support for pam_fail_delay very elegantly.

The only problem is that the module pam_faildelay is difficult to find.
Probably no common Linux distribution has it, see http://www.rpmseek.com/

Why don't we include the module pam_faildelay in the standard PAM
distribution? This has some benefits:

    * users can find it more easily since it's in their distribution
    * Linux distributors can configure the applications with fail delay
      by default
    * the module will be maintained
    * if more users and administrators use applications with fail delay
      support, security will be increased

What do you think?

Greetings,
Björn



