pam module that allows users to write their own configuration

Frankie Boy francioszary at wp.pl
Fri May 23 14:24:58 UTC 2008


On Fri, May 23, Thorsten Kukuk wrote:

>On Fri, May 23, Frankie Boy wrote:
>
>> Hello!
>> 
>> Me and my friend started to develop a PAM-module which moves the 
>> configuration-process responsibility from system administrator to system 
>> users.
>> Every system user is able to configure his own pam-modules stack for 
>> authentication.
>
>Hm, isn't that a big security risk? This would allow a user
>to configure a very weak authentication schema, which allows
>a hacker to crack this account very fast ...
>
>  Thorsten

Thanks for your reply,

Yes, it is possible to create a weak authentication scheme,
but it will allow a hacker to crack only the account of the user who created this schema!


The module is targeted at advanced users;
users who don't know of the module's existence will use the default configs.


Please note that in a system that uses passwords to verify users, a user might, for example, set his password to be the same as his user name
or, for example, send his password to someone.
When a user is allowed to configure a whole stack of modules instead of a password, there are of course more ways to hack the user's account.

But with more flexibility we require more responsibility. As I was saying, this is targeted at users
who know what they are doing and will do it on their own responsibility.


This is also described on the SourceForge site.
Best regards, hope I am clear, Franciszek Wawrzak




