[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: timer restrictions

From: Andrew Morgan <morgan transmeta com>
To: pam-list redhat com
Subject: Re: timer restrictions
Date: Mon, 01 Feb 1999 13:45:03 -0800

> > > Is there any reason why you could not make a module that would trigger
> > > such a firewalling event? I can imagine it having a use for things
> > > besides POP.
> >
> > I do not know if this function would fit completely within the scope of
> > PAM.  Dynamically altering your TCP wrapper access file.  You could hack
> > the tcpd stuff so that it updated a db type file.
> 
> This was my thought also.   TCP_wrapper is pretty common, and I'm
> surprised I haven't seen this mentioned before.  Pretty good for
> managing DOS attacks, as well as the most .... clients.  And works
> for non-authenticating connections.

Perhaps we're thinking of different things? This sort of functionality
certainly has no place inside libpam. However, I can't see why you
couldn't have a PAM module that tells the appropriate local/firewall
daemon that something strange is happenning on a connection from a.b.c.d
and wouldn't it be great if it stopped for some amount of time.

Are you thinking that embedding the daemon inside a module is a bad
idea? I completely agree with that.

Cheers

Andrew

References:
- Re: timer restrictions
  - From: "Douglas M. MacFarlane" <madmac@mcs.net>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index] []