
Bug#333081: libpam-abl ITP (update)



Hey, Nicolai.  Good to hear that you've got a package up.  I packaged
my own a while back using CDBS, but didn't go to the extent that you
had.  I cannot get to mentors for some reason right now to check it
out.

Regarding libpam_abl's shortcomings, I'm surprised that an autopurge
isn't implemented, and I'm equally surprised that it doesn't track
failed attempts on known users.  I had run some tests, albeit not
extensive, on this and I believe it recorded failed attempts for known
users.  It would be relatively useless if it didn't.  I was also under
the impression that it has two types of blocking, host level and user
level.  By your account, host level blocking isn't working?  Again,
this would be a very large detriment to the package, making it less
than useful.

With respect to some of the DDs' responses toward blocking failed
login attempts, there is some wisdom in using sane parameters when
implementing this type of security.  However, I do believe it has a
place in the stack of tools used to discourage inappropriate behavior.
"Defense in Depth" is a phrase uttered repeatedly at any security
courses I've taken.  You have at least two DDs now that believe it
has a place in the Debian archive.

Eric, if you could sponsor the package, that would be great.  I
personally have no time to take on more packages.

-- 
Chad Walstrom <chewie@wookimus.net>           http://www.wookimus.net/
           assert(expired(knowledge)); /* core dump */



