[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Big security hole in (my config of) PAM

On Tue, Aug 17, 2004 at 07:34:42AM +0800, John Darrington wrote:
> Whenever I add the line 
> auth    required       pam_securetty.so

It is not due to this line.

> auth    sufficient      pam_unix.so nullok_secure 

This is the problem.  You are not requiring that people authenticate,
thus an incorrect password will not result in a hard failure.

You need to read the PAM documentation.


Attachment: pgp5641bXh8t9.pgp
Description: PGP signature

Reply to: