From 07e2aca8d4c90616fabc99f5abff71b423fad6b7 Mon Sep 17 00:00:00 2001 From: Charl Botha Date: Sat, 14 Jul 2001 20:50:21 +0000 Subject: Integrated patch for 2 second delay at incorrect password. Fixed minor build warnings (added _BSD_SOURCE define). --- README | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'README') diff --git a/README b/README index 7a366dd..0bce847 100644 --- a/README +++ b/README @@ -1,8 +1,8 @@ README for pam_pwdfile PAM module - Charl P. Botha -$Id: README,v 1.7 2001-06-15 21:24:30 cpbotha Exp $ +$Id: README,v 1.8 2001-07-14 20:50:21 cpbotha Exp $ --------------------------------------------------------------------------- -This is version 0.9 of pam_pwdfile. +This is version 0.95 of pam_pwdfile. This pam module can be used for the authentication service only, in cases where one wants to use a different set of passwords than those in the main @@ -18,7 +18,7 @@ account required /lib/security/pam_pwdb.so At the moment the only parameters that pam_pwdfile.so parses for is "pwdfile", followed by the name of the ASCII password database, as in the above example. Also, thanks to Jacob Schroeder , -pam_pwdfile now supports password file locking. Adding an "flock" parameter +pam_pwdfile now supports password file locking. Adding a "flock" parameter activates this feature: pam_pwdfile uses and honours flock() file locking on the specified password file. Specifying "noflock" or no flock-type parameter at all deactivates this feature. @@ -26,6 +26,11 @@ parameter at all deactivates this feature. Example: auth required /lib/security/pam_pwdfile.so pwdfile /etc/blah.passwd flock +Like other PAM modules, pam_pwdfile causes a 2 second delay when an +incorrect password is supplied. This is too discourage brute force testing; +however, this behaviour can be disabled with a "nodelay" parameter. Thanks +to Ethan Benson for this patch. + The ASCII password file is simply a list of lines, each looking like this: username:crypted_passwd[13] in the case of vanilla crypted passwords and username:crypted_passwd[34] in the case of MD5 crypted passwords. The -- cgit v1.2.3