On Fri, 2003-09-05 at 16:51, Sean Estabrooks wrote:
> On 05 Sep 2003 16:30:03 -0500
> Bret Hughes <[EMAIL PROTECTED]> wrote:
>
> > On Fri, 2003-09-05 at 13:10, Peter Fleck wrote:
> > > Hi,
> > >
> > > Following are two entries from our /var/log/messages file and I'm
> > > wondering about the 'authentication failure' part. This seems to
> > > happen with every login, at least remote, although the user logs in
> > > normally with no problem. Can we change some setting to make this go
> > > away?
> > >
> > > Thanks.
> >
snip
> > If there is a fix as well as stopping the login delay on successful
> > logins (where is the information leakage there?) I would like to know
> > about it since I really like to keep the installation on my 4 servers as
> > stock as possible.
> >
>
> Hey Bret,
>
> You can add the "nodelay" option in /etc/pam.d/system-auth:
>
> auth sufficient /lib/security/$ISA/pam_unix.so likeauth nodelay
>
> I do have a one line source change that removes the need for
> the above, has zero information leak, and still presents a delay if
> someone types a password incorrectly. The patch makes the
> sshd_config option "PermitEmptyPasswords" more meaningful when
> set to "no". (ie. sshd no longer asks pam if the user can log in without
> a password). Nobody seems interested in the patch upstream though.

I don't know what the recourse would be if I were to really raise hell.
It appears that the maintainer of RH packages has the power to declare
issues NOTABUG and I do not know the procedure to go over them. I
pleaded on one of the bug threads not to NOTABUG this issue since it
damn well is a bug and rendered the package unusable for me. I pay
attention to who is trying to get to the six boxes I maintain that are
directly connected to the internet and filling the logs with crap is
unacceptable.

Shit I done got all pissed off again.

> If you'd like an updated RPM let me know.
>

Does either of these also fix the bogus auth failure messages? That is
the thing that really irks me, and Ben too I guess :)

Bret

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
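
Added example, not part of the thread and not written by any of its participants: a log triage helper for the complaint above. It separates the one 'authentication failure' entry that precedes a successful login in the same sshd process from failures that are worth reading. The log line format, the sample lines and the assumption that both entries carry the same sshd PID are constructed for illustration; the thread's own log entries were snipped.

```python
import re

# Constructed sample lines in an assumed Red Hat 9 style /var/log/messages format.
SAMPLE = """\
Sep  5 13:01:12 host1 sshd(pam_unix)[2101]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10  user=peter
Sep  5 13:01:14 host1 sshd[2101]: Accepted password for peter from 192.0.2.10 port 40112 ssh2
Sep  5 13:07:40 host1 sshd(pam_unix)[2150]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=203.0.113.7  user=root
Sep  5 13:07:43 host1 sshd[2150]: Failed password for root from 203.0.113.7 port 51522 ssh2
Sep  5 13:09:01 host1 sshd(pam_unix)[2200]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=198.51.100.4  user=bret
Sep  5 13:09:05 host1 sshd(pam_unix)[2200]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=198.51.100.4  user=bret
Sep  5 13:09:09 host1 sshd[2200]: Accepted password for bret from 198.51.100.4 port 40200 ssh2
""".splitlines()

# \buser= skips "ruser=" and captures the account name at the end of the entry.
FAIL = re.compile(r"sshd\(pam_unix\)\[(\d+)\]: authentication failure;.*\buser=(\S+)")
ACCEPT = re.compile(r"sshd\[(\d+)\]: Accepted \S+ for (\S+) from ")


def triage(lines):
    """Split pam_unix failure entries into (noise, real).

    noise: the first failure of a session (same sshd PID and user) that
           ends in an Accepted line, i.e. the entry seen on every login.
    real:  every other failure, including extra failures inside a session
           that eventually succeeded and sessions that never succeeded.
    PIDs can be reused over a long log, so feed this one rotation at a time.
    """
    pending = {}          # (pid, user) -> indexes of failure lines seen so far
    noise, real = [], []
    for idx, line in enumerate(lines):
        m = FAIL.search(line)
        if m:
            pending.setdefault(m.groups(), []).append(idx)
            continue
        m = ACCEPT.search(line)
        if m:
            hits = pending.pop(m.groups(), [])
            noise.extend(hits[:1])   # the failure logged before the real attempt
            real.extend(hits[1:])    # further failures were genuine bad passwords
    for hits in pending.values():    # sessions that never reached "Accepted"
        real.extend(hits)
    return [lines[i] for i in sorted(noise)], [lines[i] for i in sorted(real)]


if __name__ == "__main__":
    noise, real = triage(SAMPLE)
    print("suppressed as login noise:", len(noise))
    for entry in real:
        print("REVIEW:", entry)
```
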