shadow: recommended pam.d/login

Randy McMurchy randy at linuxfromscratch.org
Fri Mar 23 10:59:25 PDT 2007


Jonathan Oksman wrote these words on 03/23/07 12:35 CST:

> The problem with this configuration is that it allows users to brute
> force for usernames at the login prompt.  The breakdown is like this:
> 
> - user enters an incorrect name
> - pam_securetty.so fails to validate the username, and returns
>   incomplete.  since it is a requisite, login fails right here.
> 
> The way to make login behave as it did before installing PAM would be to
> make the following configuration:

This is a great idea. I just tested it using my pam.d/login file
and it works as you suggest. I'll create the ticket right now.
Thanks for the tip, Jonathan.

-- 
Randy

rmlscsi: [bogomips 1003.28] [GNU ld version 2.16.1] [gcc (GCC) 4.0.3]
[GNU C Library stable release version 2.3.6] [Linux 2.6.14.3 i686]
12:57:00 up 14 days, 10:56, 1 user, load average: 0.01, 0.07, 0.05



More information about the blfs-dev mailing list