Date: Tue, 18 Mar 2003 14:45:25 -0800 (PST) From: Julian Elischer <julian@elischer.org> To: Dag-Erling =?iso-8859-1?q?Sm=F8rgrav?= <des@ofug.org> Cc: hackers@freebsd.org Subject: Re: rumour of password aging failure in 4.7/4.8RC Message-ID: <Pine.BSF.4.21.0303181439160.35378-100000@InterJet.elischer.org> In-Reply-To: <xzpznns1f0z.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 18 Mar 2003, Dag-Erling [iso-8859-1] Sm=F8rgrav wrote: > Julian Elischer <julian@elischer.org> writes: > > So, the fix would be to go back to an old version of ssh? >=20 > Yes, but you'd have to go back to a version with known remotely > exploitable vulnerabilities. >=20 > Since this is a problem for you and your customers, I will look into > getting password changing to work, at least for PAM authentication, > when I import 3.6 (which should be out in a few weeks). Ok so we'll have to miss 4.8. Does making it work for PAM allow it to work for ssh? That's where they are worried the most. >=20 > DES > --=20 > Dag-Erling Sm=F8rgrav - des@ofug.org THANKS! The banks are all getting paranoid at the though of an organised break-in attempt from "unfriendly" sources and it trickles down to us.. The other thing they are on about is "3 tries and you are out" password lockouts. /usr/src/contrib/libpam/modules/pam_tally.c is what they want. We're trying to 'resurect' it and see if it still works with 4.8. is there a similar file for the new PAM code? (or another way of doing it?)=20 Are old and new PAM modules in any way compatible? If we wrote one that ran on 4.x would we be able to continue to run int (even with a recompile) when we switch to 5.3? =20 >=20 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0303181439160.35378-100000>