Date: Tue, 18 Mar 2003 14:45:25 -0800 (PST)
From: Julian Elischer <julian@elischer.org>
To: Dag-Erling Smørgrav <des@ofug.org>
Cc: hackers@freebsd.org
Subject: Re: rumour of password aging failure in 4.7/4.8RC
Message-ID: <Pine.BSF.4.21.0303181439160.35378-100000@InterJet.elischer.org>
In-Reply-To: <xzpznns1f0z.fsf@flood.ping.uio.no>

On Tue, 18 Mar 2003, Dag-Erling Smørgrav wrote:

> Julian Elischer <julian@elischer.org> writes:
> > So, the fix would be to go back to an old version of ssh?
>
> Yes, but you'd have to go back to a version with known remotely
> exploitable vulnerabilities.
>
> Since this is a problem for you and your customers, I will look into
> getting password changing to work, at least for PAM authentication,
> when I import 3.6 (which should be out in a few weeks).

Ok so we'll have to miss 4.8.
Does making it work for PAM allow it to work for ssh?
That's where they are worried the most.

>
> DES
> --
> Dag-Erling Smørgrav - des@ofug.org

THANKS!

The banks are all getting paranoid at the thought of an organised
break-in attempt from "unfriendly" sources and it trickles down to us..

The other thing they are on about is "3 tries and you are out" password
lockouts.

/usr/src/contrib/libpam/modules/pam_tally.c
is what they want. We're trying to 'resurrect' it and see if it still
works with 4.8.

Is there a similar file for the new PAM code?
(or another way of doing it?)

Are old and new PAM modules in any way compatible?
If we wrote one that ran on 4.x would we be able to continue to run it
(even with a recompile) when we switch to 5.3?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0303181439160.35378-100000>
