PAM

fredvps
Posts: 61
Joined: 2014/03/13 22:05:19

PAM

Post by fredvps » 2016/03/17 01:34:28

Does anyone know if it's possible to record failed password attempts (in plain language)?
I'd like to record the actual passwords that fail (pam auth fails) but I can't see a way to do it.

Thanks

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: PAM

Post by aks » 2016/03/17 17:04:17

AFAIK, not recording the actual passwords used (that probably would be a security violation), but you could use pam_tally to count failed logins and then do something based upon that.
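pam_tally keeps its own per-user counter, but the same counts can be pulled from the pam_unix failure lines that already land in /var/log/secure. As an added example (not from this thread), a small parser over constructed sample lines that tallies failures per user and source and flags the pairs over a limit, which is where a lockout or alert would hook in:

```python
import re
from collections import Counter

# Constructed sample lines in the format pam_unix writes to /var/log/secure
# (hostname, PIDs and addresses are made up for this example).
SAMPLE_LOG = """\
Mar 17 01:30:12 vps sshd[2101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=root
Mar 17 01:30:15 vps sshd[2101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=root
Mar 17 01:30:19 vps sshd[2104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=root
Mar 17 01:31:02 vps sshd[2110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7  user=fred
Mar 17 01:31:40 vps sshd[2115]: Accepted publickey for fred from 198.51.100.7 port 50122 ssh2
Mar 17 01:32:05 vps login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=  user=root
"""

# Matches a pam_unix authentication-failure line; rhost is empty for console logins.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ (?P<proc>[\w-]+)(?:\[\d+\])?: "
    r"pam_unix\((?P<service>[^:]+):auth\): authentication failure;.*?"
    r"rhost=(?P<rhost>\S*)\s+user=(?P<user>\S+)"
)


def parse_failures(text):
    """Return (service, user, rhost) for every pam_unix auth failure in the text."""
    out = []
    for line in text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            out.append((m.group("service"), m.group("user"), m.group("rhost") or "local"))
    return out


def count_by_user_and_source(failures):
    """Tally failures per (user, rhost) pair, the same granularity a lockout acts on."""
    return Counter((user, rhost) for _, user, rhost in failures)


def over_threshold(counts, limit):
    """(user, rhost) pairs with at least `limit` failures, sorted for stable output."""
    return sorted(k for k, n in counts.items() if n >= limit)


if __name__ == "__main__":
    counts = count_by_user_and_source(parse_failures(SAMPLE_LOG))
    for (user, rhost), n in counts.most_common():
        print(f"{n:3d}  user={user:<8} rhost={rhost}")
    print("exceeded:", over_threshold(counts, 3))
```

Only the user name and source are recorded; the password that was tried never appears in these lines, which is the property the rest of the thread argues for.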

fredvps
Posts: 61
Joined: 2014/03/13 22:05:19

Re: PAM

Post by fredvps » 2016/03/18 12:36:13

Thanks -
The counts of attempts are recorded in the logs anyway.

I see the inability to identify actual failed attempts as a security hazard not the other way around.
If you know what is being tried you can probably work out where the leak is that gave them the idea they could get in in the first place. Passwords used on other web sites for example.

TrevorH
Site Admin
Posts: 33218
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: PAM

Post by TrevorH » 2016/03/18 13:41:13

But if you go to logon as root and make a single letter typo in your password, now the nearly-right password is in the logs and you've given away 90% of your root password to anyone who cares to read it.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

fredvps
Posts: 61
Joined: 2014/03/13 22:05:19

Re: PAM

Post by fredvps » 2016/03/18 19:14:47

You mean anyone who already has full access to the server in order to get at the logs?
It's a bit late to worry by then.
Besides - you could always re-encrypt the log on the fly so it requires a password.
I don't see any downside to this.

Whoever
Posts: 1361
Joined: 2013/09/06 03:12:10

Re: PAM

Post by Whoever » 2016/03/19 05:57:19

As the admin of a system, you should NOT know your users' passwords.

fredvps
Posts: 61
Joined: 2014/03/13 22:05:19

Re: PAM

Post by fredvps » 2016/03/19 11:34:36

I agree.
But that is not what is being discussed.

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: PAM

Post by gerald_clark » 2016/03/19 15:39:01

Indeed it is.

TrevorH
Site Admin
Posts: 33218
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: PAM

Post by TrevorH » 2016/03/19 16:58:29

There is a reason why passwords are encrypted even though they are also kept in a file that is readable only by root. What you are proposing to do is insecure and should not be done.

fredvps
Posts: 61
Joined: 2014/03/13 22:05:19

Re: PAM

Post by fredvps » 2016/03/20 12:55:22

The reverse is true and implementation is now underway.

Websites collecting passwords for distribution to hackers and other agencies will be capable of being exposed now.

As for encryption - any serious group knows that online encryption is not secure by decree of the US government and can be broken with a little effort.

Online "encryption" only protects from the curious and the amateur; not the organised hackers or criminal gangs.

If it's security you want you should be shouting at the rooftops to get Windows 10 and HTML5 outlawed.
