pam module that allows users to write their own configuration
Thorsten Kukuk
kukuk at suse.de
Fri May 23 14:39:17 UTC 2008

On Fri, May 23, Frankie Boy wrote:
> On Fri, May 23, Thorsten Kukuk wrote:
>
> >On Fri, May 23, Frankie Boy wrote:
> >
> >>Hello!
> >>
> >>Me and my friend started to develop a PAM-module which moves the
> >>configuration-process responsibility from system administrator to system
> >>users.
> >>Every system user is able to configure his own pam-modules stack for
> >>authentication.
> >
> >Hm, isn't that a big security risk? This would allow a user
> >to configure a very weak authentication schema, which allows
> >a hacker to crack this account very fast ...
> >
> > Thorsten
>
> Thanks for your reply,
>
> Yes, there is a possibility to create a weak authentication scheme,
> but it will allow a hacker to crack only the account of a user who created
> this schema!

That's more than enough, for example to misuse the account for sending
out thousands of SPAM mails.

> Please note that in a system that uses passwords to verify users, a user might
> for example set his password the same as his user name or for example send his
> password to someone.

But then the admin did not set up the PAM stack correctly ;-)
There are more than enough modules to make sure that the user
always chooses a strong password.

Thorsten
--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)