Bug#333081: libpam-abl ITP (update)
Hi,
> Regarding libpam_abl's shortcomings, I'm surprised that an autopurge
> isn't implemented, and I'm equally surprised that it doesn't track
> failed attempts on known users. I had run some tests, albeit not
> extensive, on this and I believe it recorded failed attempts for known
> users. It would be relatively useless if it didn't. I was also under
> the impression that it has two types of blocking, host level and user
> level. By your account, host level blocking isn't working? Again,
> this would be a very large detriment to the package, making it less
> than useful.
I feared that my explanations would be confusing :-/. From what I
perceived, only the autopurge isn't implemented / working.
The recording of failed attempts on hosts and users definitely _is_
working, but as many failed login attempts are made to non-existing
users, _these_ attempts are not recorded in any way (not in hosts nor
in users), because the libpam_abl module is simply not reached in the
chain. But, when rethinking, this could also have other reasons on my
hosts, 1) the sshd having a list of AllowedLogin users (which might be
checked before pam), and 2) maybe also the order in the pam chain.
In any case, my problems with the new pam_abl package should be
investigated before upload :).
Yours, Nico