pam: Fix not querying password for invalid user - BMC/Intel-BMC/openbmc.git - Intel-BMC/openbmc is a BMC implementation for servers (mirror)

diff options

author	Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>	2019-08-30 14:47:03 +0300
committer	Brad Bishop <bradleyb@fuzziesquirrel.com>	2019-09-13 13:15:16 +0300
commit	4bfffde7b5edeee761d32b174386bd1e1e28fab9 (patch)
tree	c2a76ef80e3e2a87e7b0088f47434af8e4385d54 /meta-openembedded/meta-oe/recipes-devtools
parent	bca48eae0c40afa729922263645ead4447493193 (diff)
download	openbmc-4bfffde7b5edeee761d32b174386bd1e1e28fab9.tar.xz

pam: Fix not querying password for invalid user

Not querying password for invalid user name is security issue and can be used to determine valid / invalid user names in the system. Always proceed to password acceptance screen for invalid user login attempt too. This commit configures pam_tally2 to ignore unknown user and proceed to do password check. Tested: Verified the same in bmc serial console login with invalid user name and password was requested, before displaying login incorrect. Note: dropbear handles this already and hence ssh will not exhibit this behavior. (From meta-phosphor rev: 356ec08b989c84d1d034c3ff283a6909658d9435) Change-Id: I72483d26ad7b7c39068ac33b7387adf2b10a1a27 Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

Diffstat (limited to 'meta-openembedded/meta-oe/recipes-devtools')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: