
Delays



Now that we are discussing login failure delays - a few comments...

- it isn't all that hard to always call crypt() even if the user
  doesn't exist, I think I sent a patch for this but I'm not sure
  if it's in the current pam_unix module.

- I think the main purpose of delays was to slow down password
  guessing attempts, so it should be OK to do it in the pam_unix
  module, other authentication methods probably don't need them.

- I know it is more "pluggable" to make a separate delay module,
  but if we have so many modules for every little thing, loading
  every such module has its overhead...

I vote for delays built in the pam_unix module.  Maybe we should see
what Sun did?  Solaris has had PAM (as a "private internal interface",
according to the RFC) since release 2.3, and they do delays on login
failures for all services by default, so I think they probably have
already solved this problem somehow.

Regards,

Marek
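
The first point in the message above (always calling crypt() even when the user does not exist), sketched as an added example; it is not part of the original message and is not the pam_unix code. The names `check_password`, `toy_crypt`, `DUMMY_HASH` and the account table are assumptions made for illustration, and `toy_crypt` is a constructed, insecure stand-in with the signature of crypt(3) so the example builds without libcrypt.

```c
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3); a real module would pass crypt itself. */
typedef char *(*hash_fn)(const char *key, const char *setting);
struct account { const char *name; const char *hash; };

/* Hashed when the user is unknown. It can never match a toy_crypt() result;
 * with real crypt(3) use a hash in the same scheme so the cost is the same. */
static const char DUMMY_HASH[] = "xx*";

/* Constructed stand-in for crypt(3), NOT secure: counts calls and returns
 * salt + digest, so hashing with the stored hash as setting reproduces it. */
static int hash_calls;
static char *toy_crypt(const char *key, const char *setting)
{
    static char out[64];
    unsigned long h = 5381;
    size_t i;
    hash_calls++;
    for (i = 0; i < 2 && setting[i]; i++) h = h * 33 + (unsigned char)setting[i];
    for (i = 0; key[i]; i++) h = h * 33 + (unsigned char)key[i];
    snprintf(out, sizeof out, "%.2s%016lx", setting, h);
    return out;
}

/* Returns 1 only for a known user with the right password. The hash runs
 * exactly once on every path, including "no such user". */
int check_password(const struct account *db, size_t n, const char *user,
                   const char *password, hash_fn hash)
{
    const char *stored = DUMMY_HASH, *computed;
    int known = 0;
    size_t i;
    for (i = 0; i < n; i++)
        if (strcmp(db[i].name, user) == 0) { stored = db[i].hash; known = 1; }
    computed = hash(password, stored);   /* also done for unknown users */
    return computed != NULL && known && strcmp(computed, stored) == 0;
}

int main(void)
{
    char h[64];
    struct account db[1] = { { "alice", h } };   /* constructed sample account */
    strcpy(h, toy_crypt("correct horse", "ab"));
    printf("%d %d\n", check_password(db, 1, "alice", "correct horse", toy_crypt),
           check_password(db, 1, "nobody", "correct horse", toy_crypt));
    return 0;
}
```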


