[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[libpam-opie] pam_opie.so does not lock user



Hello,

on a debian lenny system with installed and configured libpam-opie you
can have more then one session at a time to attempt to authenticate a
user. Meaning /etc/opielocks/ is not used. So race attacks on OTP are
possible.

Is that a bug in the old package or a misconfiguration on my part?

thanks,

PJ


Reply to: