|author||Thorsten Kukuk <email@example.com>||2006-08-01 09:58:14 +0000|
|committer||Thorsten Kukuk <firstname.lastname@example.org>||2006-08-01 09:58:14 +0000|
Purpose of commit: bugfix Commit summary: --------------- 2006-08-01 Thorsten Kukuk <email@example.com> * doc/man/pam_fail_delay.3.xml: Fix some Bugs and enhance rationale about when this function should be used and when not.
Diffstat (limited to 'doc/man/pam_fail_delay.3')
1 files changed, 7 insertions, 7 deletions
diff --git a/doc/man/pam_fail_delay.3 b/doc/man/pam_fail_delay.3
index f9a7e2d1..000276ed 100644
@@ -1,11 +1,11 @@
.\" Title: pam_fail_delay
.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/27/2006
+.\" Date: 08/01/2006
.\" Manual: Linux\-PAM Manual
.\" Source: Linux\-PAM Manual
-.TH "PAM_FAIL_DELAY" "3" "06/27/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_FAIL_DELAY" "3" "08/01/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.\" disable justification (adjust text to left margin only)
@@ -37,13 +37,13 @@ all authentication modules have been called, but
control is returned to the service application.
-When using this function the application programmer should check if it is available with:
+When using this function the programmer should check if it is available with:
-#endif /* PAM_FAIL_DELAY */
+#endif /* HAVE_PAM_FAIL_DELAY */
@@ -73,7 +73,7 @@ that the application has associated with the current
\fIpamh\fR. This last value was set by the application when it called
or explicitly with
-\fBpam_set_item\fR(3). Note, if PAM_FAIL_DELAY is unset (or set to NULL), then no delay will be performed.
+\fBpam_set_item\fR(3). Note, if PAM_FAIL_DELAY item is unset (or set to NULL), then no delay will be performed.
It is often possible to attack an authentication scheme by exploiting the time it takes the scheme to deny access to an applicant user. In cases of
@@ -84,7 +84,7 @@ dictionary attack \-\- with an automated process, the attacker tries all possibl
of useful information.
-To minimize the effectiveness of such attacks, it is desirable to introduce a random delay in a failed authentication process.
+To minimize the effectiveness of such attacks, it is desirable to introduce a random delay in a failed authentication process. Preferable this value should be set by the application or a special PAM module. Standard PAM modules should not modify the delay unconditional.
For example, a login application may require a failure delay of roughly 3 seconds. It will contain the following code: