pam_securetty failure for unknown users on secure ttys

Nicolas François nekral.lists at gmail.com
Sat Jun 14 20:47:51 UTC 2008


Hello,

On Debian, login uses pam_securetty as a requisite module.
The reason for this is to fail immediately if the tty is not secure to
avoid prompting for a password on an insecure line.

In Linux-PAM-0_99_1_0 (pam_securetty.c revision 1.8), the return value of
the authentication function was changed from PAM_IGNORE to
PAM_USER_UNKNOWN.
When pam_securetty is a requisite module, this means that the
authentication will fail immediately if the user does not exist in the
system. This might indicate to an attacker that the given user does not
exist.

What was the rationale for changing the return value from PAM_IGNORE to
PAM_USER_UNKNOWN?
(BTW the pam_securetty's manpage needs an update)

I would prefer that pam_securetty fails only if the tty is not secure and
the user is root or unknown.
And to leave the user authentication / check for validity to the pam_unix
module.

Best Regards,
-- 
Nekral
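To make the behaviour described in the mail concrete, here is an added toy model of the Debian login auth stack (pam_securetty as requisite, pam_unix as required). It is example code written for this page, not Linux-PAM code, and the user table, passwords and list of secure ttys are constructed. It simulates libpam's handling of PAM_IGNORE versus PAM_USER_UNKNOWN for a requisite module and reports whether an unknown user can be told apart from a known one by the presence or absence of a password prompt.

```python
"""Toy model of the Linux-PAM auth stack discussed in the mail.

Added example, not Linux-PAM code. It simulates the control flags
'requisite' and 'required' and the two return values pam_securetty
has used for unknown users, to show why PAM_USER_UNKNOWN as a requisite
result lets a caller distinguish unknown users from known ones
(prompted for a password or not). The user database, passwords and
securetty list below are constructed test data.
"""

PAM_SUCCESS = "PAM_SUCCESS"
PAM_IGNORE = "PAM_IGNORE"
PAM_AUTH_ERR = "PAM_AUTH_ERR"
PAM_USER_UNKNOWN = "PAM_USER_UNKNOWN"

# Constructed data standing in for /etc/passwd, /etc/shadow and /etc/securetty.
USERS = {"root": "r00t-pw", "alice": "alice-pw"}
SECURE_TTYS = {"tty1", "tty2"}


def pam_securetty(ctx, unknown_user_rc):
    """Simplified pam_securetty: the unknown-user check happens before the
    tty check, and only root is restricted to secure ttys.
    unknown_user_rc is PAM_IGNORE (older behaviour) or PAM_USER_UNKNOWN
    (pam_securetty.c revision 1.8)."""
    if ctx["user"] not in USERS:
        return unknown_user_rc
    if ctx["user"] == "root" and ctx["tty"] not in SECURE_TTYS:
        return PAM_AUTH_ERR
    return PAM_SUCCESS


def pam_unix(ctx, _unknown_user_rc):
    """Simplified pam_unix: always asks for a password (the observable
    event), then checks it against the constructed user table."""
    ctx["prompted"] = True
    expected = USERS.get(ctx["user"])
    if expected is None:
        return PAM_USER_UNKNOWN
    return PAM_SUCCESS if ctx["password"] == expected else PAM_AUTH_ERR


def run_auth_stack(stack, ctx, unknown_user_rc):
    """Evaluate (control, module) pairs the way libpam treats 'requisite'
    and 'required' (the only controls the login stack in the mail relies
    on). Returns the final PAM code."""
    failure = None
    for control, module in stack:
        rc = module(ctx, unknown_user_rc)
        if rc in (PAM_SUCCESS, PAM_IGNORE):
            continue  # PAM_IGNORE contributes nothing to the stack result
        if control == "requisite":
            return rc  # fail immediately; no later module runs
        if failure is None:  # required: remember first failure, keep going
            failure = rc
    return failure or PAM_SUCCESS


LOGIN_STACK = [("requisite", pam_securetty), ("required", pam_unix)]


def login_attempt(user, tty, password, unknown_user_rc):
    """Return (pam_result, was_prompted_for_password) for one attempt."""
    ctx = {"user": user, "tty": tty, "password": password, "prompted": False}
    rc = run_auth_stack(LOGIN_STACK, ctx, unknown_user_rc)
    return rc, ctx["prompted"]


def enumeration_observable(tty, unknown_user_rc):
    """True if, on this tty, 'nobody' and 'alice' can be told apart purely
    by whether a password prompt appears."""
    _, known_prompted = login_attempt("alice", tty, "wrong", unknown_user_rc)
    _, unknown_prompted = login_attempt("nobody", tty, "wrong", unknown_user_rc)
    return known_prompted != unknown_prompted


if __name__ == "__main__":
    for rc_name in (PAM_IGNORE, PAM_USER_UNKNOWN):
        print(rc_name, "-> prompt differs on tty1:",
              enumeration_observable("tty1", rc_name))
```

With PAM_IGNORE the requisite module steps aside and every user, known or not, reaches pam_unix and is prompted, so the stack gives the same observable result for both; with PAM_USER_UNKNOWN the stack stops before the prompt for unknown users only, which is the enumeration concern the mail raises. The model also keeps the original root-on-insecure-tty case, where pam_securetty's PAM_AUTH_ERR as a requisite result still prevents the prompt.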



