Re: pam 1.6.1-2 breaks sudo password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hi there,

On Fri, Apr 12, 2024 at 11:36:43AM +0200, Martin Rys wrote:
> > FYI, the "idiotic default" may feel less annoying when you use the
> > documented solution
> 
> Would be great if one got this as an error message when the logins
> start timing out.
> 
> Unfortunately that's not the case, the UX is beyond terrible, you get
> the same identical error for a WRONG password as for the TIMED OUT
> password, making people waste time and be frustrated to the point of
> going on mailing lists.

It's common practice to not give an attacker more info than needed, so
"wrong password" and "locked user" is most likely intended to give the
same error message.

-- 
Georg

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux