On Fri, May 23, Frankie Boy wrote:

> On Fri, May 23, Thorsten Kukuk wrote:
>
> >On Fri, May 23, Frankie Boy wrote:
> >
> >>Hello!
> >>
> >>Me and my friend started to develop a PAM-module which moves the
> >>configuration-process responsibility from system administrator to system
> >>users.
> >>Every system user is able to configure his own pam-modules stack for
> >>authentication.
> >
> >Hm, isn't that a big security risk? This would allow a user
> >to configure a very weak authentication schema, which allows
> >a hacker to crack this account very fast ...
> >
> >  Thorsten
>
> Thanks for your reply,
>
> Yes, there is a possibility to create a weak authentication scheme,
> but it will allow a hacker to crack only the account of a user who created
> this schema!

That's more than enough, for example to misuse the account for
sending out thousands of SPAM mail.

> Please note that in a system that uses passwords to verify users, a user might
> for example set a password same as his user name or for example send his
> password to someone.

But then the admin did not set up the PAM stack correctly ;-)
There are more than enough modules to make sure that the user
always chooses a strong password.

  Thorsten

--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)