|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
Bjoern Voigt wrote:
After looking at the manual page for "pam_fail_delay" and the source code more deeply, I saw, that we already have such faildelay callback functions.3. I don't like the hardcoded "sleep" function very much. This is especially problematic within GUI programs. A GUI program can not react events if it wait's for PAM. Ideally an application could register a custom wait/sleep callback function. Unfortunately such a new callback would not help to secure unmodified programs.
An application programmer could write log entries about failed logins within this callback function before sleeping to avoid the security problem. But does such a solution match the design principles of PAM?
Greetings, Björn _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list