[libpam-opie] pam_opie.so does not lock user
Hello,
on a debian lenny system with installed and configured libpam-opie you
can have more then one session at a time to attempt to authenticate a
user. Meaning /etc/opielocks/ is not used. So race attacks on OTP are
possible.
Is that a bug in the old package or a misconfiguration on my part?
thanks,
PJ
--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
Relevant Pages
- Re: [PHP] How to skip browsers Warning?
... Or store the search data in a $_SESSION or $_COOKIE or in the database associated with the user's SESSIONID. ... To resend the data, click ... PHP General Mailing List ... To unsubscribe, visit: http://www.php.net/unsub.php ...
(php.general) - Re: [PHP] How to skip browsers Warning?
... Or store the search data in a $_SESSION or $_COOKIE or in the database associated with the user's SESSIONID. ... To resend the data, click ... PHP General Mailing List ... To unsubscribe, visit: http://www.php.net/unsub.php ...
(php.general) - Re: Starts another X server with different virtual terminal (for with use USB VGA) ?
... > (The conf file is attached in the email. ... The session of input device ... seperate virtual terminals, but on a single physical monitor. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
(Debian-User) - Re: buildworld via ssh
... Subject: buildworld via ssh ... >> pipe the output to a logfile. ... Long story short, my session was ... To unsubscribe, ...
(freebsd-questions) - Re: X gets killed immediately after successful graphical logon
... The machine starts up and shows kdm, as it has been doing for some years. ... Only, whenever I logon, as any user, or any session (kde, gnome, ... like any X session started after the successful logon must have some ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
(Debian-User) |
|
