Re: pam_securetty failure for unknown users on secure ttys
Hi,
On Sat, Jun 21, 2008 at 09:14:27AM +0200, kukuk@xxxxxxx wrote:
>
> On Sat, Jun 21, Nicolas François wrote:
>
> > If the failure were limited to non-secure TTYs, this would limit the
> > probability of such brute force.
>
> But wouldn't a hacker come from a non-secure TTY most of the time?
> And there you would still have the same problem with your suggestion.
> It only helps for the local console, not for network attacks.
Yes. It's far from perfect.
Enforcing a delay in login might be better to protect against brute force
attacks.
> Between, what I use to avoid your problem in /etc/pam.d/login:
>
> auth requisite pam_nologin.so
> auth [user_unknown=ignore success=ok ignore=ignore auth_err=die default=bad] pam_securetty.so
> auth include common-auth
Thanks, that's what I will consider.
Best Regards,
--
Nekral
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
[Fedora Users]
[Kernel]
[Red Hat Install]
[Linux for the blind]
[Gimp]
