diff options
author | Charl Botha <cpbotha@cpbotha.net> | 2001-07-14 20:50:21 +0000 |
---|---|---|
committer | Charl Botha <cpbotha@cpbotha.net> | 2001-07-14 20:50:21 +0000 |
commit | 07e2aca8d4c90616fabc99f5abff71b423fad6b7 (patch) | |
tree | 2b4d94068fd98ca36b1963ea52064d67da8f55f9 /README | |
parent | 632939171280f34924cbae6fe9f286bdc8b508eb (diff) | |
download | libpam-pwdfile-0.95.tar.gz |
Integrated patch for 2 second delay at incorrect password.v0.95
Fixed minor build warnings (added _BSD_SOURCE define).
Diffstat (limited to 'README')
-rw-r--r-- | README | 11 |
1 files changed, 8 insertions, 3 deletions
@@ -1,8 +1,8 @@ README for pam_pwdfile PAM module - Charl P. Botha <cpbotha@ieee.org> -$Id: README,v 1.7 2001-06-15 21:24:30 cpbotha Exp $ +$Id: README,v 1.8 2001-07-14 20:50:21 cpbotha Exp $ --------------------------------------------------------------------------- -This is version 0.9 of pam_pwdfile. +This is version 0.95 of pam_pwdfile. This pam module can be used for the authentication service only, in cases where one wants to use a different set of passwords than those in the main @@ -18,7 +18,7 @@ account required /lib/security/pam_pwdb.so At the moment the only parameters that pam_pwdfile.so parses for is "pwdfile", followed by the name of the ASCII password database, as in the above example. Also, thanks to Jacob Schroeder <jacob@quantec.de>, -pam_pwdfile now supports password file locking. Adding an "flock" parameter +pam_pwdfile now supports password file locking. Adding a "flock" parameter activates this feature: pam_pwdfile uses and honours flock() file locking on the specified password file. Specifying "noflock" or no flock-type parameter at all deactivates this feature. @@ -26,6 +26,11 @@ parameter at all deactivates this feature. Example: auth required /lib/security/pam_pwdfile.so pwdfile /etc/blah.passwd flock +Like other PAM modules, pam_pwdfile causes a 2 second delay when an +incorrect password is supplied. This is too discourage brute force testing; +however, this behaviour can be disabled with a "nodelay" parameter. Thanks +to Ethan Benson for this patch. + The ASCII password file is simply a list of lines, each looking like this: username:crypted_passwd[13] in the case of vanilla crypted passwords and username:crypted_passwd[34] in the case of MD5 crypted passwords. The |