pam_usertype: avoid determining if user exists - pam.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	ikerexxe <ipedrosa@redhat.com>	2020-06-16 14:44:04 +0200
committer	Tomáš Mráz <7125407+t8m@users.noreply.github.com>	2020-06-17 14:36:09 +0200
commit	0e9b286afe1224b91ff00936058b084ad4b776e4 (patch)
tree	b46db284d1ae7dd93c3f5a902261007af6d82707 /modules/pam_limits
parent	af0faf666c5008e54dfe43684f210e3581ff1bca (diff)
download	pam-0e9b286afe1224b91ff00936058b084ad4b776e4.tar.gz pam-0e9b286afe1224b91ff00936058b084ad4b776e4.tar.bz2 pam-0e9b286afe1224b91ff00936058b084ad4b776e4.zip

pam_usertype: avoid determining if user exists

Taking a look at the time for the password prompt to appear it was possible to determine if a user existed in a system. Solved it by matching the runtime until the password prompt was shown by always checking the password hash for an existing and a non-existing user. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1629598

Diffstat (limited to 'modules/pam_limits')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: