Date: Sat, 19 Jan 2002 17:44:25 +0300 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Mark Murray <mark@grondar.za> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libpam/modules/pam_opie pam_opie.c Message-ID: <20020119144424.GD9803@nagual.pp.ru> In-Reply-To: <200201191415.g0JEFQt21503@grimreaper.grondar.org> References: <20020119105418.GA7683@nagual.pp.ru> <200201191415.g0JEFQt21503@grimreaper.grondar.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jan 19, 2002 at 14:15:26 +0000, Mark Murray wrote: > There are lots of ways to do it. One way is to hash on the month > and the uid or username of the account being attacked. This will > change on midnight at the end of the month, but that exposes very > little. And hacker will check you at the end of the month, (remember, open sources). He can check even several users and if they change their numbers in one time, he understand how real they are. The longer way you keep hacker analyzing the more complex code is needed. BTW, all this is not related to currently removed code which sucks in anycase. > > may cause not user confusion only but seriosly affects protocols which not > > expect them. > > If the protocol is not expecting them, but the user has them enabled, you > have a problem anyway. No. After my changes you can enable OPIE for specific user which needs it but not enable for automated user which not needs it. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020119144424.GD9803>