
Bug#405087: Short time response by pam_tally if password is true.

Subject: Bug#405087: Short time response by pam_tally if password is true.
From: "Ellouz mehdi"
Date: Sun, 31 Dec 2006 04:30:15 +0100
Newsgroups: linux.debian.bugs.dist
Package: libpam-modules
Version: 0.76-22

I tried to secure my ssh server with pam_tally. pam_tally locks the account
very well, but at home, pam_tally responds quickly if the password is true.
I added to my /etc/pam.d/ssh:


auth            required        pam_tally.so onerr=fail no_magic_root
account         required        pam_tally.so onerr=fail deny=4 reset no_magic_root

(I also use allowgroup in /etc/ssh/sshd_config)

When I comment out pam_tally's lines in /etc/pam.d/ssh, clients will
connect.

If somebody tries brute-force cracking, even if pam_tally locks the
account, can he use timing to know if the password is correct? So if root
disables the account lock, the cracker could use it.

I am using Debian GNU/Linux 3.1, kernel 2.6.8-2-386.

PS: Sorry for my English, I am French...
