[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: Delays
- From: Marek Michalkiewicz <marekm i17linuxb ists pwr wroc pl>
- To: pam-list redhat com
- Subject: Re: Delays
- Date: Mon, 24 Jun 1996 22:54:23 +0200 (MET DST)
Michael K. Johnson:
> Passwords are not restricted to the pam_unix modules. Just because
> most of the other modules currently available don't have anything to
> do with passwords doesn't mean that we should ignore the possibility
> of others having passwords later. For instance, the kerberos and
> s/key modules will work with passwords.
Passwords are not restricted to pam_unix, but they are (the traditional
reusable ones anyway) considered obsolete, so most new authentication
methods probably won't use them. Don't know about kerberos, but s/key
uses one-time passwords - guessing doesn't make much sense...
> Overhead is hardly a problem for a delay module, is it?
Except for additional disk I/O caused by loading it :-). My comment
about overhead was general, not just about that particular module.
> Hm. Sounds like they implemented it in their version of libpam.
> That's a possibility, but I prefer to give the sysadmin the control
> over the policy. Isn't that one of the goals of PAM? I know sysadmins
I'm not suggesting that we just hardcode sleep(3) or whatever. On
Solaris it is controlled by SLEEPTIME=seconds (default 4 seconds)
in /etc/default/login. Shadow has FAIL_DELAY in /etc/login.defs.
So the sysadmin does have control over the policy.
Regards,
Marek
- References:
- Re: Delays
- From: "Michael K. Johnson" <johnsonm@redhat.com>
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
[]