From owner-freebsd-arch  Sat Mar  9 12:44:35 2002
Delivered-To: freebsd-arch@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP id 3FA8237B400
	for <arch@FreeBSD.ORG>; Sat,  9 Mar 2002 12:44:23 -0800 (PST)
Received: by flood.ping.uio.no (Postfix, from userid 2602)
	id 2F3355348; Sat,  9 Mar 2002 21:44:21 +0100 (CET)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily
  coincide with those of any organisation or company with
  which I am or have been affiliated.
To: Garance A Drosihn <drosih@rpi.edu>
Cc: arch@FreeBSD.ORG
Subject: Re: Fix for login.c, added questions
References: <p05101530b8b014ffc5c7@[128.113.24.47]>
	<p05101531b8b01b012e1c@[128.113.24.47]>
From: Dag-Erling Smorgrav <des@ofug.org>
Date: 09 Mar 2002 21:44:20 +0100
In-Reply-To: <p05101531b8b01b012e1c@[128.113.24.47]>
Message-ID: <xzpr8mt5v4r.fsf@flood.ping.uio.no>
Lines: 25
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-arch.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-arch>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-arch>
X-Loop: FreeBSD.ORG

Garance A Drosihn <drosih@rpi.edu> writes:
> Reading thru login.c, it seems to me that we should probably
> consider some other changes too.  One thing I noticed, for
> instance, is that login.c tries to setup a 300-second timeout,
> but apparently that timeout is masked off somewhere inside the
> auth_pam() processing.

OpenPAM's standard conversation function uses a 180-second timeout for
prompts, but it should restore the previous signal handlers and mask
and restart any previously running timer.  It's conceivable that there
is a bug in that code, though.  Take a look at
src/contrib/openpam/lib/openpam_ttyconv.c and see if you spot any
glaring errors.

> Do people think we could drop the nice idea of avoiding the
> syslog message in the above situation, and just always write
> out the syslog message right when we know the password is
> wrong?  That will increase the number of syslog messages,
> which might alarm some users, but I think it's safer.

I totally agree.  It's just not worth the added complexity.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message