Bjoern Voigt wrote:
3. I don't like the hardcoded "sleep" function very much. This is
especially problematic within GUI programs. A GUI program can not
react events if it wait's for PAM. Ideally an application could
register a custom wait/sleep callback function. Unfortunately such
a new callback would not help to secure unmodified programs.
After looking at the manual page for "pam_fail_delay" and the source
code more deeply, I saw, that we already have such faildelay callback
functions.
An application programmer could write log entries about failed logins
within this callback function before sleeping to avoid the security
problem. But does such a solution match the design principles of PAM?
Greetings, Björn
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list