Authentication flow


 



Hi All,
I have three authentication modules:
-- pam_radius_auth.so (for remote authentication)
-- pam_unix (Unix local authentication)
-- pam_opie (challenge/response)
and other accounting modules such as pam_abl, which does user lockout/IP locking.

I would like to choose a better authentication for access to my service:

These are my requirements/clarifications:

-- An intruder should not know how his authentication has failed (due
to user locking or IP address locking or wrong passwd for remote
authentication or for local authentication), but only SecurityAdmin can
see them in logs. Intruder just gets error as LOGIN failed.
-- While logging in to the service, should I allow the user to specify
authentication type such as challenge-response or local, if Radius
servers are not reachable? Will this cause any kind of break in secure
authentication process or does it contrast with the above?
I am thinking of this to help legitimate users to get logged into the service.

I am kind of lost here. Can anyone please advise the better approach here?

Many Thanks

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
