On Fri, May 23, Thorsten Kukuk wrote:
On Fri, May 23, Frankie Boy wrote:
Hello!
My friend and I started to develop a PAM module which moves the
configuration-process responsibility from the system administrator to system
users.
Every system user is able to configure his own PAM module stack for
authentication.
Hm, isn't that a big security risk? This would allow a user
to configure a very weak authentication schema, which allows
a hacker to crack this account very fast ...
Thorsten
Thanks for your reply,

Yes, there is a possibility to create a weak authentication scheme,
but it will allow a hacker to crack only the account of the user who created this schema!
The module is targeted at advanced users;
users that don't know of the module's existence will use the default configs.

Please note that in a system that uses passwords to verify users, a user might, for example, set his password to be the same as his user name
or, for example, send his password to someone.
When a user is allowed to configure a whole stack of modules instead of a password, there are of course more ways to hack the user's account.
But with more flexibility we require more responsibility. As I was saying, this is targeted at users
who know what they are doing and will do it at their own responsibility;
this is also described on the SourceForge site.

Best regards, hope I am clear, Franciszek Wawrzak
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list