shadow: recommended pam.d/login
randy at linuxfromscratch.org
Fri Mar 23 10:59:25 PDT 2007
Jonathan Oksman wrote these words on 03/23/07 12:35 CST:
> The problem with this configuration is that it allows users to brute
> force for usernames at the login prompt. The breakdown is like this:
> - user enters an incorrect name
> - pam_securetty.so fails to validate the username, and returns
> incomplete. since it is a requisite, login fails right here.
> The way to make login behave as it did before installing PAM would be to
> make the following configuration:
This is a great idea. I just tested it using my pam.d/login file
and it works as you suggest. I'll create the ticket right now.
Thanks for the tip, Jonathan.
rmlscsi: [bogomips 1003.28] [GNU ld version 2.16.1] [gcc (GCC) 4.0.3]
[GNU C Library stable release version 2.3.6] [Linux 188.8.131.52 i686]
12:57:00 up 14 days, 10:56, 1 user, load average: 0.01, 0.07, 0.05
More information about the blfs-dev