[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Re: pam module that allows users to write their own configuration

On Fri, May 23, Thorsten Kukuk wrote:

On Fri, May 23, Frankie Boy wrote:


Me and my friend started to develop a PAM-module which moves the configuration-process responsibility from system administrator to system users. Every system user is able to configure his own pam-modules stack for authentication.

Hm, isn't that a big security risk? This would allow an user
to configure a very weak authentication schema, which allows
hacker to crack this account very fast ...


Thanks for your reply,

Yes, there is a possibility to create weak authentication scheme,
but it will allow hacker to crack only the account of a user who created this schema!

module is targeted to advanced users, users that don't know of the module existence will use default configs

Please note that in a system that use passwords to verify users, user might for example set password same as his user name or for example send his password to someone.
When user is allowed to configure whole stack of modules instead of password there is of course more ways to hack user account.

But with more flexibility we require more responsibility. As i was saying this is targeted to users that know what are they doing and will do it at their own response

this is also described on sourceforge site.
best regards, hope i am clear, Franciszek Wawrzak,

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]