Date: 09 Mar 2002 21:44:20 +0100 From: Dag-Erling Smorgrav <des@ofug.org> To: Garance A Drosihn <drosih@rpi.edu> Cc: arch@FreeBSD.ORG Subject: Re: Fix for login.c, added questions Message-ID: <xzpr8mt5v4r.fsf@flood.ping.uio.no> In-Reply-To: <p05101531b8b01b012e1c@[128.113.24.47]> References: <p05101530b8b014ffc5c7@[128.113.24.47]> <p05101531b8b01b012e1c@[128.113.24.47]>
next in thread | previous in thread | raw e-mail | index | archive | help
Garance A Drosihn <drosih@rpi.edu> writes: > Reading thru login.c, it seems to me that we should probably > consider some other changes too. One thing I noticed, for > instance, is that login.c tries to setup a 300-second timeout, > but apparently that timeout is masked off somewhere inside the > auth_pam() processing. OpenPAM's standard conversation function uses a 180-second timeout for prompts, but it should restore the previous signal handlers and mask and restart any previously running timer. It's conceivable that there is a bug in that code, though. Take a look at src/contrib/openpam/lib/openpam_ttyconv.c and see if you spot any glaring errors. > Do people think we could drop the nice idea of avoiding the > syslog message in the above situation, and just always write > out the syslog message right when we know the password is > wrong? That will increase the number of syslog messages, > which might alarm some users, but I think it's safer. I totally agree. It's just not worth the added complexity. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpr8mt5v4r.fsf>