[Bug 117] OpenSSH second-guesses PAM
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Apr 17 17:54:12 EST 2002
http://bugzilla.mindrot.org/show_bug.cgi?id=117
------- Additional Comments From fcusack at fcusack.com 2002-04-17 17:54 -------
Yes "YOU" see the username but PAM doesn't. How about a comment in the
code about the timing attack you are trying to mitigate?
You are eliminating the possibility that sshd might want to authenticate
someone without a local account (requesting a non-login service?).
Also, I think this is counter-productive with PAM. PAM has it's own
ability to do this.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-unix-dev
mailing list