digitalsurvival / ppp-pam

The Perfect Paper Passwords Pluggable Authentication Module
BSD 3-Clause "New" or "Revised" License

Susceptible to DoS attack. #14

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

Since it asks you for a code regardless of whether your password is
correct, someone could keep sending login requests to the server, and as a
result, the counter would keep incrementing. What if I only had three cards
and the counter had reached the fourth? I'd be locked out of my system.

I know this doesn't affect people who have local access to their system
(they can just generate new cards after logging in locally), but it does
affect people who have dedicated servers without any physical access.

What version of the product are you using? On what operating system?

0.2 on Ubuntu Gutsy & CentOS 4

Original issue reported on code.google.com by ana...@gmail.com on 13 Nov 2007 at 7:39

GoogleCodeExporter commented 9 years ago
You could possibly write a PHP script or something (if it is a webserver) to
email you a new card or something? I think that is a problem with ssh, not
necessarily the ppp-pam module.

Original comment by pythonho...@gmail.com on 24 Nov 2007 at 4:38

GoogleCodeExporter commented 9 years ago
I have found a simple solution for this problem. Since the pam_unix.so module in
/etc/pam.d/common-auth is called before the PPP-PAM module (if you follow the default
instructions for installing this), I changed pam_unix.so from being "required" to
"requisite". A failure at a requisite module will stop PAM from invoking the rest of
the modules, so PAM will not invoke the PPP module if pam_unix.so failed. This
forces me to correctly enter my Linux password before I am prompted for my PPP
passcode. Now an attacker would have to know my Linux password before he could start
pushing the passcode counter off my current cards.

I have not experienced any other problems with the rest of my Linux server by doing
this, but I am only running ssh, samba, and squid on this server. If this causes
problems with other systems, you can always replace the "@include common-auth" line
with the modules from the common-auth file with pam_unix.so changed to requisite.

Original comment by brianpgordon@gmail.com on 22 Feb 2008 at 5:01
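The control-flag difference the comment above relies on can be seen in a small model of a PAM auth stack. The following is an added example, not ppp-pam code and not the commenter's configuration: it simulates the `required`, `requisite` and `sufficient` semantics of pam.d(5), a stand-in PPP module whose counter advances on every prompt (the behaviour the issue reporter describes), and a constructed card set of 3 cards of 70 codes. `UNIX_PASSWORD`, `CARD_CODES`, `PppModule`, `run_stack` and `passcodes_burned` are all assumptions of this example. The stack mirrors the common-auth order (pam_unix.so first, the PPP module second) so the two settings can be compared directly.

```python
"""Toy model of a PAM auth stack (constructed example; not ppp-pam code).

Control flags modelled from pam.d(5):
  required   - a failure is remembered, but later modules still run
  requisite  - a failure ends the stack immediately
  sufficient - a success ends the stack with success unless an earlier
               'required' module already failed
"""
from dataclasses import dataclass

# Constructed stand-in for the user's printed cards: 3 cards x 70 codes,
# indexed by the counter the PPP module keeps between logins.
CARD_CODES = [f"c{i:03d}" for i in range(3 * 70)]
UNIX_PASSWORD = "correct-horse"  # constructed test value


@dataclass
class PppModule:
    """Stand-in for the PPP module: every prompt advances the counter."""
    counter: int = 0

    def authenticate(self, creds: dict) -> bool:
        expected = CARD_CODES[self.counter] if self.counter < len(CARD_CODES) else None
        self.counter += 1  # consumed whether or not the answer is right
        return expected is not None and creds.get("passcode") == expected

    def cards_exhausted(self) -> bool:
        return self.counter >= len(CARD_CODES)


def pam_unix(creds: dict) -> bool:
    """Stand-in for pam_unix.so: plain password check."""
    return creds.get("password") == UNIX_PASSWORD


def run_stack(stack, creds: dict) -> bool:
    """Evaluate [(control, module), ...] in order, as pam(8) would."""
    failed = False
    for control, module in stack:
        ok = module(creds)
        if control == "requisite" and not ok:
            return False            # stop here: later modules never run
        if control == "required" and not ok:
            failed = True           # keep going, but the final answer is fail
        if control == "sufficient" and ok and not failed:
            return True
    return not failed


def build_stack(unix_control: str, ppp: PppModule):
    """Mirror common-auth: pam_unix.so first, then the PPP module."""
    return [(unix_control, pam_unix), ("required", ppp.authenticate)]


def passcodes_burned(unix_control: str, bad_attempts: int) -> int:
    """How many passcodes a caller without the password consumes."""
    ppp = PppModule()
    stack = build_stack(unix_control, ppp)
    for _ in range(bad_attempts):
        run_stack(stack, {"password": "guess", "passcode": "c000"})
    return ppp.counter


def legitimate_login(unix_control: str) -> bool:
    """The real user still gets in: password first, then the expected code."""
    ppp = PppModule()
    stack = build_stack(unix_control, ppp)
    creds = {"password": UNIX_PASSWORD, "passcode": CARD_CODES[ppp.counter]}
    return run_stack(stack, creds)


if __name__ == "__main__":
    for control in ("required", "requisite"):
        burned = passcodes_burned(control, 300)
        print(f"{control:9s}: 300 bad logins burned {burned} of {len(CARD_CODES)} passcodes")
```

With `required`, every failed password attempt still reaches the PPP module and advances the counter, so 300 attempts exhaust all 210 constructed codes; with `requisite`, the stack stops at pam_unix.so and the counter never moves, while a correct password followed by the expected code succeeds under either setting.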

GoogleCodeExporter commented 9 years ago
The system could also lock out for a period of time after 2 PPP failures. When the
system is on the last 10 passcodes of the last card generated, it could either email
the user or tell them on login to generate more cards.

Original comment by kurtisnelson on 15 Aug 2008 at 1:09
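The two mitigations suggested in the comment above, a lockout after consecutive PPP failures and a warning when the last card is nearly used up, can be expressed as a small guard around the passcode counter. This is an added example, not ppp-pam code and not the commenter's implementation: `PppGuard`, `LOCKOUT_SECONDS` (the thread names no period, so 300 s is a constructed value) and the injectable `now` clock are assumptions of the example. A locked-out attempt returns before the counter moves, so repeated requests during the lockout window consume no codes.

```python
import time

LOCKOUT_AFTER = 2        # consecutive PPP failures before locking, per the thread
LOCKOUT_SECONDS = 300    # constructed value; the thread leaves the period open
LOW_WATERMARK = 10       # warn when this many codes remain on the last card


class PppGuard:
    """Constructed wrapper around a passcode counter with lockout and
    low-stock warning. `now` is injectable so the window can be tested."""

    def __init__(self, total_codes: int, now=time.time):
        self.total_codes = total_codes
        self.counter = 0            # index of the next passcode to ask for
        self.failures = 0           # consecutive PPP failures
        self.locked_until = 0.0
        self.now = now

    def remaining(self) -> int:
        return self.total_codes - self.counter

    def attempt(self, response: str, expected: str) -> str:
        """Returns 'locked', 'fail', 'ok' or 'ok-low'.

        'locked' is returned before the counter advances, so an attacker who
        keeps retrying during the window burns no further passcodes."""
        t = self.now()
        if t < self.locked_until:
            return "locked"
        self.counter += 1           # a real prompt was issued: code consumed
        if response != expected:
            self.failures += 1
            if self.failures >= LOCKOUT_AFTER:
                self.locked_until = t + LOCKOUT_SECONDS
            return "fail"
        self.failures = 0
        if self.remaining() <= LOW_WATERMARK:
            return "ok-low"         # caller should email or nag at login
        return "ok"
```

The `ok-low` result is the hook for the notification the comment proposes; the guard itself only decides, leaving delivery (email, login banner) to the caller.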

GoogleCodeExporter commented 9 years ago

Original comment by Luke.Faraone on 9 Jan 2009 at 3:58