Date: Sat, 19 Jan 2002 20:43:39 +0300 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Dag-Erling Smorgrav <des@ofug.org> Cc: mark@grondar.za, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: For all who miss it, PAM changes explanation reposted Message-ID: <20020119174339.GG11604@nagual.pp.ru> In-Reply-To: <20020119173633.GD11604@nagual.pp.ru> References: <200201190901.g0J91H641020@freefall.freebsd.org> <xzp1ygm9vc8.fsf@flood.ping.uio.no> <20020119170316.GA11315@nagual.pp.ru> <xzpit9y8dcg.fsf@flood.ping.uio.no> <20020119172829.GB11604@nagual.pp.ru> <xzpadva8cy2.fsf@flood.ping.uio.no> <20020119173633.GD11604@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jan 19, 2002 at 20:36:34 +0300, Andrey A. Chernov wrote: > > Old behaviour is incorrect because provides UNCONDITIONAL fallback > from pam_opie failure to pam_unix, next in the chain. This fallback must > be CONDITIONAL according to OPIE way of things. Conditions include remote > host checking and user home directory checking. Note about producing fake prompts: We *ALL* agree that old OPIE scheme with fake promts, in the way it was implemented, is not improves security. Everybody can detect it trying two times. So, it should be revmoved first (the thing I do) and maybe replaced with more advanced variant next (someone else). -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020119174339.GG11604>