[Bug 117] OpenSSH second-guesses PAM
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Apr 17 11:07:35 EST 2002
http://bugzilla.mindrot.org/show_bug.cgi?id=117
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
------- Additional Comments From djm at mindrot.org 2002-04-17 11:07 -------
You do see the username, auth2.c line 193-197:
log("input_userauth_request: illegal user %s", user);
#ifdef USE_PAM
start_pam("NOUSER");
#endif
We fake a username with PAM to mitigate timing attacks.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-unix-dev
mailing list