diff options
author | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-08-01 09:58:14 +0000 |
---|---|---|
committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-08-01 09:58:14 +0000 |
commit | 431e8c6747b4a4bb814457cd51f4a3c4fd1673a5 (patch) | |
tree | 082da78936220348db913d4d9b34763b27a48ba7 /doc/man/pam_fail_delay.3.xml | |
parent | 31c5402b292a1c76268221f570952c450755fd60 (diff) |
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2006-08-01 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/man/pam_fail_delay.3.xml: Fix some Bugs and enhance
rationale about when this function should be used and when not.
Diffstat (limited to 'doc/man/pam_fail_delay.3.xml')
-rw-r--r-- | doc/man/pam_fail_delay.3.xml | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/doc/man/pam_fail_delay.3.xml b/doc/man/pam_fail_delay.3.xml index 2cac066a..a101cf39 100644 --- a/doc/man/pam_fail_delay.3.xml +++ b/doc/man/pam_fail_delay.3.xml @@ -50,13 +50,13 @@ control is returned to the service application. </para> <para> - When using this function the application programmer should check if - it is available with: + When using this function the programmer should check if it is + available with: </para> <programlisting> -#ifdef PAM_FAIL_DELAY +#ifdef HAVE_PAM_FAIL_DELAY .... -#endif /* PAM_FAIL_DELAY */ +#endif /* HAVE_PAM_FAIL_DELAY */ </programlisting> <para> @@ -93,7 +93,7 @@ void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr); <citerefentry> <refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum> </citerefentry>. - Note, if PAM_FAIL_DELAY is unset (or set to NULL), then no delay + Note, if PAM_FAIL_DELAY item is unset (or set to NULL), then no delay will be performed. </para> </refsect1> @@ -116,6 +116,9 @@ void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr); <para> To minimize the effectiveness of such attacks, it is desirable to introduce a random delay in a failed authentication process. + Preferable this value should be set by the application or a special + PAM module. Standard PAM modules should not modify the delay + unconditional. </para> </refsect1> @@ -195,5 +198,5 @@ module #2: pam_fail_delay (pamh, 4000000); Linux-PAM extension. </para> </refsect1> - + </refentry> |