Re: Re: pam module that allows users to write their own configuration
- From: Thorsten Kukuk <kukuk@xxxxxxx>
- Date: Fri, 23 May 2008 16:39:17 +0200
- In-reply-to: <4836D3BA.30203@xxxxx>
- Organization: SUSE LINUX Products GmbH, Nuernberg, Germany, GF: Markus Rex, HRB 16746 (AG Nuernberg)
- References: <4836D3BA.30203@xxxxx>
- User-agent: Mutt/1.5.9i
On Fri, May 23, Frankie Boy wrote:
> On Fri, May 23, Thorsten Kukuk wrote:
>
> >On Fri, May 23, Frankie Boy wrote:
> >
> >>Hello!
> >>
> >>Me and my friend started to develop a PAM-module which moves the
> >>configuration-process responsibility from system administrator to system
> >>users.
> >>Every system user is able to configure his own pam-modules stack for
> >>authentication.
> >
> >Hm, isn't that a big security risk? This would allow a user
> >to configure a very weak authentication schema, which allows
> >a hacker to crack this account very fast ...
> >
> > Thorsten
>
> Thanks for your reply,
>
> Yes, there is a possibility to create a weak authentication scheme,
> but it will allow a hacker to crack only the account of a user who created
> this schema!

That's more than enough, for example to misuse the account for sending
out thousands of spam mails.

> Please note that in a system that uses passwords to verify users, a user might
> for example set a password the same as his user name or for example send his
> password to someone.

But then the admin did not set up the PAM stack correctly ;-)
There are more than enough modules to make sure that the user
always chooses a strong password.

Thorsten
--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list